Beruflich Dokumente
Kultur Dokumente
2
33 | P a g e Auditing Notes AUDI 101
Each audit firm uses its own type of materiality planning: either one of the following:...................46
Setting Planning Materiality levels :.................................................................................................46
Planning for qualitative assessment:................................................................................................46
the 4 Factors to be considered when quantifying planning materiality............................................46
Final materiality.................................................................................................................................................46
The Auditor must do the following to make a final materiality decision:..........................................46
Factors to be considered in evaluating unresolved audit differences..............................................47
CONCLUSION......................................................................................................................................................47
AUDIT RISK............................................................................................................................................................47
INTRO:................................................................................................................................................................47
the risk Based approach to auditing...................................................................................................................47
The components of audit risk:............................................................................................................................47
Inherent Risk :..................................................................................................................................47
Control Risk......................................................................................................................................47
Detection Risk .................................................................................................................................48
Risk at financial statement level and at assertion level:....................................................................................48
intro:................................................................................................................................................48
Risk and materiality ..........................................................................................................................................49
Assessment of audit risk....................................................................................................................................49
levels of risk.......................................................................................................................................................49
THE AUDITORS RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS........................50
INTRO:................................................................................................................................................................50
DEFINITIONS (LECTURER SAYS KNOW THESE WELL)..........................................................................................50
resposibility of management and those charged with governance:...................................................................51
resposibility of the auditor.................................................................................................................................51
responses to the risk of material misstatement due to fraud (DO LEARN THIS as per lecturer).........................52
At Financial Statement level: ..........................................................................................................52
At Assertion level:............................................................................................................................52
Management Override:....................................................................................................................53
Evaluation of Evidence:....................................................................................................................53
Management Representations:........................................................................................................53
fraud risk factors (do learn)................................................................................................................................54
intro:................................................................................................................................................54
fraudulent financial reporting:..........................................................................................................54
fraud risk factors relating to misstatements resulting from misappropriation of assets:.................55
communication with management and those charged with governance (not learn).........................................56
fraud and retention of clients (do learn)............................................................................................................57
CHAPTER 8: COMPUTER AUDIT THE BASICS............................................................................................................59
COMPUTER AUDITING............................................................................................................................................59
iNTRO:................................................................................................................................................................59
COMPUTER ENVIRONMENTS:..............................................................................................................................59
3
44 | P a g e Auditing Notes AUDI 101
A BRIEF DESCRIPTION OF DIFFERENT COMPUTER ENVIRONMENTS:...................................................................59
INTERNAL CONTROL IN COMPUTERISED ACCOUNTING SYSTEMS.......................................................................60
FACTORS PECULIAR TO COMPUTERISED SYSTEMS WHICH THE AUDITOR SHOULD BE AWARE OF.....................61
COMPUTER AUDITING............................................................................................................................................62
DEFINITION OF A GENERAL CONTROL:...............................................................................................................62
CATEGORIES OF GENERAL CONTROLS...............................................................................................................62
CONTROL ENVIRONMENT AND SECURITY POLICY:..............................................................................................62
ORGANISATIONAL STRUCTURE AND PERSONNEL PRACTICES............................................................................63
STANDARDS AND STANDARD OPERATING PROCEDURES...................................................................................64
SYSTEMS DEVELOPMENT CONTROLS (NB know very well).................................................................................64
program change controls...................................................................................................................................65
p........................................................................................................................................................................66
APPLICATION CONTROLS:......................................................................................................................................66
iNTRO:................................................................................................................................................................66
Definitions:.........................................................................................................................................................66
input, processing, output:..................................................................................................................................67
PROCESSING METHODS:....................................................................................................................................67
APPLICATION CONTROL FRAMEWORK : MASTERFILE AMENDMENTS..................................................................68
NB.....................................................................................................................................................................68
APPLICATION CONTROL FRAMEWORK : INPUT ...................................................................................................68
APPLICATION CONTROL FRAMEWORK : PROCESSING.........................................................................................69
APPLICATION CONTROL FRAMEWORK : OUTPUT................................................................................................69
MENU AND DESCRIPTION OF CONTROLS above:................................................................................................69
summary............................................................................................................................................................72
CAATS : COMPUTER ASSISTED AUDITING TECHNIQUES (SUMMARY –NOT NB).......................................................72
HOW DO CAATS FIT IN AUDIT PROCESS.............................................................................................................72
SYSTEM ORIENTATED CAATS.............................................................................................................................73
DATA ORIENTATED CAATS.................................................................................................................................73
FACTORS WHICH WILL INFLUENCE DECISION TO USE CAATS.............................................................................73
AUDIT FUNCTIONS WHICH CAN BE PERFORMED USING DATA ORIENTATED CAATS...........................................73
APPENDIX 1: ILLUSTRATION OF WHAT A DATA ORIENTED caat CAN DO:...........................................................73
THE USE OF MOBILE INFORMATION &COMMUNICATION TECHNOLOGY ON AUDITS...............................................74
WHAT THIS TECHNOLOGY CAN DO.....................................................................................................................74
SECURITY IMPLICATIONS OF USING MOBILE INFORMATION AND COMMUNICATIONS TECHNOLOGY ON AUDITS.
..........................................................................................................................................................................74
Security of clients files:......................................................................................................................................74
CHAPTER 2: PROFESSIONAL CONDUCT......................................................................................................................75
INTRODUCTION......................................................................................................................................................75
the ifac code of ethics........................................................................................................................................75
General guidance: Ethics and Professional Conduct...........................................................................................75
The Public Interest ............................................................................................................................................75
Pronouncements relating to ethics and professional conduct in South Africa ...................................................75
THE IFAC (SAICA) CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS...........................................................75
PART A - GENERAL APPLICATION OF THE CODE ..............................................................................76
PART B PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE...........................................................80
4
55 | P a g e Auditing Notes AUDI 101
ONLY THE PARTS WHICH ARE MARKED NB ARE DONE HERE : THE REST IS LEFT OUT TO END OF CHAPTER ON
PROFESSIONAL ETHICS..............................................................................................................................................81
PART C - PROFESSIONAL ACCOUNTANTS IN BUSINESS....................................................................82
PART d - PROFESSIONAL ACCOUNTANTS IN SOUTH AFRICA.............................................................83
CHAPTER 9 : NETWORKING.(ch9 in book)..................................................................................................................86
INTRODUCTION:.....................................................................................................................................................86
Trends in IT............................................................................................................................................................86
Networks...............................................................................................................................................................86
Definitions:............................................................................................................................................................86
Audit Implications of Networks:.............................................................................................................................86
databases..............................................................................................................................................................87
Definitions..........................................................................................................................................................87
audit and control implications:...............................................................................................................................87
Electronic Messaging systems...............................................................................................................................88
Audit and control implications of EDI:................................................................................................................88
EFT : Electronic funds transfer...........................................................................................................................89
THE INTERNET.......................................................................................................................................................89
Risks and controls:trading on the internet:........................................................................................................89
Computer bureaux.................................................................................................................................................90
Audit implications:.............................................................................................................................................90
VIRUS.....................................................................................................................................................................91
CATEGORIES of VIRUS:.......................................................................................................................................91
Kinds of .............................................................................................................................................................91
AUdit and control implications:..........................................................................................................................91
Chapter 10 : Revenue AND RECEIPTS CYCLE.............................................................................................................92
ACCOUNTING SYSTEM AND INTERNAL CONTROLS:................................................................................................92
INTRODUCTION:.................................................................................................................................................92
DOCUMENTS USED IN THE (Revenue+receipts)CYCLE.......................................................................................92
CHARATERISTICS OF GOOD INTERNAL CONTROL...............................................................................................92
FLOW CHARTS AND DESCRIPTION OF THE CYCLE..............................................................................................93
Auditing the CYCLE:...........................................................................................................................................95
financial statement assertions -in this cycle-(Isa 500).......................................................................................96
Important accounting aspects : specially for this cycle......................................................................................96
Fraud in the cycle..............................................................................................................................................96
TEsts of controls and substantive procedures....................................................................................................97
tests of controls.................................................................................................................................................97
substantive procedures......................................................................................................................................98
DIAGRAM OF ASSERTIONS:...............................................................................................................99
substantive procedures for the audit of debtors:.............................................................................99
Use of audit software (substantive procedures) for debtors.............................................................................101
substantive procedures for auditing bank/cash................................................................................................101
Chapter 11 : Acquisitions and payments cycle:.......................................................................................................103
The accounting system and internal controls:.....................................................................................................103
documents in the cycle:...................................................................................................................................103
5
66 | P a g e Auditing Notes AUDI 101
characteristics of good internal control:...........................................................................................................103
flowchart and description of cycle....................................................................................................................104
auditing the cycle:...............................................................................................................................................105
Intro.................................................................................................................................................................105
Financial statement assertions and this cycle..................................................................................................106
FRAUD in the cycle...........................................................................................................................................106
tests :...............................................................................................................................................................106
TESTS OF CONTROLS:......................................................................................................................................106
Substantive Procedures:..................................................................................................................................107
dual purpose tests...........................................................................................................................................107
creditors balance (trade) performing substantive procedures on :..................................................................108
Use of audit software (substantive procedures) for creditors balances............................................................108
CHAPTER 12 INVENTORY AND PRODUCTION CYCLE...............................................................................................110
ACCOUNTING SYSTEM AND INTERNAL CONTROLS:..............................................................................................110
INTRODUCTION:...............................................................................................................................................110
Characteristics of the cycle..............................................................................................................................110
Documents in the cycle....................................................................................................................................110
3 Objectives of the cycle..................................................................................................................................110
Risks of the cycle.............................................................................................................................................111
Auditing the cycle:...........................................................................................................................................114
Financial Statement Assertions .....................................................................................................114
Important accounting aspects –ias2 –inventories...........................................................................115
fraud in the cycle:............................................................................................................................................116
tests of controls and substantive procedures:..................................................................................................116
Tests of controls.............................................................................................................................116
substantive procedures..................................................................................................................117
POST INVENTORY COUNT PROCEDURES: (bit nb sort of)................................................................117
the use of audit soft ware (substantive testing).............................................................................119
chapter 13 payroll and personell cycle....................................................................................................................120
accounting system and internal controls.............................................................................................................120
Introduction:....................................................................................................................................................120
Documents used in the cycle:..........................................................................................................................120
characteristics of good internal control:...........................................................................................................120
flowchart & description of cycle :.....................................................................................................................121
Auditing the cycle................................................................................................................................................123
introduction.....................................................................................................................................................123
Assertions:.......................................................................................................................................................123
fraud in the cycle.............................................................................................................................................123
audit procedures: salaries & related accounts...............................................................................123
audit procedures :Wages & related Accounts:..............................................................................124
the use of audit soft ware (substantive procedures)........................................................................................125
HOW TO DO A RECONCILLIATION FOR SALARIES AND WAGES AS PER IAS ACC. STANDARDS IN THE NOTES TO
THE FIN. STATS................................................................................................................................................126
6
77 | P a g e Auditing Notes AUDI 101
7
88 | P a g e Auditing Notes AUDI 101
8
99 | P a g e Auditing Notes AUDI 101
9
1010 | P a g e Auditing Notes AUDI 101
SEMESTER II
Q1- what is yellow highlight below:ie: ”client held”
Q2-ask yellow why queries from debtors not by the person who is in charge of debtors ie:debtors clark , eg: the
person in charge of creditors, debtors, etc.
8- 1-bank deposit 1-deposits not 1-CRJ daily by date & number from receipts (if
Recording slip recorded/or rec. issued)
2-CRJ timeously 2-Queries from debtors : by person independent
of 3-DL 2-recorded deposits of 1’debtors’ & 2’banking&recording of cash
Receipts 4-GL may functions.’
(?remittance (a)inaccurate 3-recon1 bank statement TO cash book mnthly
list/receipts (b)overstated(fictit + independentof banking&recording employee
issued/customer ious) + reviewed by senior official.
remittance (c)cr to wrong 4-recon2 CRJ supervisor (a)CRJ vs gaps 1dates
advice)? debtor 2sequential
(b) test CRJ to DL
5-recon3 DL to GL control acc. Independent
employee regular
Assertion : valuation & allocation : isn’t it a bit similar to ‘classification and presentation’ , what the difference
between italics.
1) What is a year end creditors recon? what is a creditors list- a ledger Y/N?
1. HOW DO the method for doing a inventory count while there is dispatch going on in the background?
2. What is the yellow here, so variable selling costs eg marketing or commission must be subtracted from ‘closing
stock’ in the financial statement or how??normall this is a period cost is it not :? Definition:Net Realisable
value :
i. The estimated selling price in the ordinary course of business less the estimated costs of
completion and the estimated costs necessary to make the sale.
3.
11
1212 | P a g e Auditing Notes AUDI 101
TERMS:
1) Verify: means determine somethings truth or falsity.
2) AUDIT OBJECTIVE
3) FORMING AN OPINION : make up your mind.
4) FAIR PRESENTATION of fin info/ fin stats : properly ,correct
5) Cycles of company.( in duty segregation)
6) Functions of company( in duty segregation)
7) material : do make a difference.
8) misstatement : wrong entry/number etc.
9) appropriately :
10) Corroborative Evidence : evidence which confirms/corroborates something eg: to obtain
info from a debtor to confirm his account is what it says.
11) ASSURANCE GIVER.
12) ASSURANCE ENGAGEMENT
13) Audit Differences : show a material misstatement in Fin.Stats. or Not.( OVERS AND
UNDERS SCHEDULE)
14) OVERS AND UNDERS SCHEDULE: shows all the “Audit Differences” which are the
differences between what the fin. Stats. Say and what auditor works out to be the real
figures.
1) Definition; ISA315 :risks that require : Special audit consideration
15) Emoluments :
16) Misallocate : eg an expense to wrong account
17) Batch Control System: system of controlling physical movement of data (eg invoices,wage
cards,printouts output) to and from user Depts.
18) Compilation engagement :
19) Agreed upon procedure engagement :
20) Conducted : done,eg employees conducted a control procedure
21) Casts: means addition in accounting of number of fields.
22) Extentions:
23) Allocate : overheads for job costing/manufacturing/std.costing. or allocate expenses etc to
correct account in ledger
24) Accumulate : costs eg direct labour and materials, to each specific account by journalizing
it for job costing or std.costing
25)
12
1313 | P a g e Auditing Notes AUDI 101
13
1414 | P a g e Auditing Notes AUDI 101
INTRODUCTION
1. Text Book :Jackson & Stent :Auditing notes for SA students. + Graded Questions edition 9
from same authors second book.
2. Coursework semester 1: Chapter 1+5+7+8 then briefly back to 3 one or 2 sections
3. 2/3 tests +3/4 assignments
4. Lect: Mr Poopedi, 3rd floor Kblock 1st room on left.
5. Lectures :mon 1st ,wed 2+3 , fri some or other.
14
1515 | P a g e Auditing Notes AUDI 101
Income Statement
Statement of Equity
-------------------------------------------------------------------------------------------------------------------------------------
WHAT IS AN AUDITOR?:
1. An Auditor = ASSURANCE GIVER. : from word “audire” Latin means “to hear” from
owner hear/audit to employ a auditor.
2. An Audit = ASSURANCE ENGAGEMENT. : “ expresses a conclusion designed to
enhance the degree of confidence of the intended users other than the
responsible party ,about the outcome of the evaluation or measurement of a
subject matter against the criteria (attempt to enhance credibility of a “statement;
event ; figures)
3. International Framework for Assurance Engagements : defines an assurance engagement
as: “ in which thea practitioner expresses a conclusion designed to enhance the degree of
confidence of the intended user…”
4. The basic premise = ‘Enhance credibility of information’ or ‘increasing degree of
confidence of users’
5. TYPES OF AUDITOR:
1-Enhance whos confidence
2-Independant of what
3-What do they do
4 anything else might want to add
a. EXTERNAL AUDITORS
i. 1-Independent of company audited opinion - 2-fin stat fairly present fin pos +
results – 3-lend credibility + enhance confidence users of fin stats.4-for
statutory purposes, more for external users needs,less ,but also,for
internal(head office confidence subsidiary)
b. INTERNAL AUDITORS
i. 1-Independent (of dept audited) assignments –2-for mngmnt confidence- 3-
efficiency, economy, effectiveness –business processes+ internal controls. ,4-
for internal users not external,not for statutory purposes.
c. GOV. AUDITORS
i. Independent of gov. dept. audited – enhance senior Gov. confidence in lower -
d. FORENSIC AUDITORS
i. Independent of entity under investigation –investigate + gather evidence fin
mismanagement ,fraud, theft for client eg police, court etc..
15
1616 | P a g e Auditing Notes AUDI 101
e. SPECIAL PURPOSE AUDITORS.
i. Environmental auditors(compliance enviro. Regulations) – Vat auditors(SARS)
– enhance confidence SARS
6. COMMON ESSENTIAL CHARACTERISTIC : 1. Characteristic of INDEPENDENCE.
…….if not independent=NOT A VALID AUDIT.
7. OTHER ESSENTIAL CHARACTERISTICS: IFAC code ethics for Prof. Accountants.
1 INTEGRITY :straightforward , honest , moral
2 OBJECTIVITY : impartial, fair, not influenced by prejudice/bias
(independent)
3 PROFESSIONAL COMPETENCE and DUE CARE:maintain professional
knowledge/skill at required level &performing work diligently.( eg
auditors must attend min 1 symposium on IFRS per year by SAICA law to
be a member)
4 CONFIDENTIALITY: respecting the confidentiality of client information.
5 PROFESSIONAL BEHAVIOUR: comply laws ®ulations , avoid behavior
which discredits the profession.
WHY IS THERE A NEED FOR AUDITORS ?:
SPLIT BETWEEN MNGMNT & OWNERSHIP:
1) Owners -Management split –need Auditor to verify : truth,correct,fair presentation for owner.
(owner not time/expertise to do it)as business evolved …
CONFIDENCE IN FINANCIAL INFORMATION.
1. Investors in businesses that fin info is reliable
2. Gov. can trust Fin Info to set the tax rate equitable basis, run economy
3. Investors direct toward needs which?-risk/return
4. Develop economy as a whole- ensure funds go to sound mngmnt,strong productiveity,sound
FinPos
5. Inspire confidence in how gov handles its finances
ACCOUNTABILITY:
1. Directors to company etc –Gov. to taxpayers – Companies for treatment of Environment
etc + SOUND CORPORATE GOVERNANCE.
ASSURANCE AND NON-ASSURANCE ENGAGEMENTS.
ASSURANCE ENGAGEMENTS:
1) As per International Framework for Assurance Engagements :An assurance engagement is
one in which the professional accountant
: “ expresses a conclusion designed to enhance the degree of confidence of the
intended users other than the responsible party ,about the outcome of the
evaluation or measurement of a subject matter against the criteria “
2) Elements of an Assurance Engagement.:
a) THREE PARTY RELATIONSHIP :1-Prof. accountant 2-Responsible Party 3-Intended User
i) Eg: 1-registered auditor 2-directors responsible for AFS 3-shareholders
b) A SUBJECT MATTER: Eg: Financial Position or Results of operations
c) SUITABLE CRITERIA : Eg: International Fin. Reporting Standards (IFRS)
d) SUFFICIENT APPRORIATE EVIDENCE : Eg: evidence needed to conclude Fin Stats free of
material misstatements
e) WRITTEN ASSURANCE REPORT : Eg: The Audit Report on Fair Presentation.
3) Examples :Assurance Engagements:
16
1717 | P a g e Auditing Notes AUDI 101
a) Audit of Fin Stats : The Registered auditor gathers sufficient appropriate evidence to be in
a position to pass an opinion on whether the directors ,who are responsible for the AFS ,
have applied the IFRS standards appropriately in presenting fairly,the fin pos fin perf. and
cash flow info.
b) Other types: 1-effectiveness of internal control system ( there are criteria/standards) 2-
COMPLIANCE WITH SARBANNES-OXLEY ACT.
NON-ASSURANCE ENGAGEMENT (DO NOT MEET DEFINITION OF AN – OR
DO NOT CONTAIN THE ELEMENTS)
a) Where does not :enhance credibility, and pass an opinion , but rather perform a
task eg:
b) Eg: no 3rd party involved , or client does not require assurance, or no suitable
criteria/benchmarks.
c) Eg: Tax Return , or compile(collect+classify+summarise) certain info.
Etc,efficiency,correct sales strategy,
REASONABLE ASSURANCE.
1) Auditor DOES NOT ever CERTIFY / or CONFIRM CORRECTNESS :he only EXPRESSES AN
OPINION on it's FAIR PRESENTATION.
2) Reasonable assurance THAT NO misstatement done- NOT 100% correct to be sure! A
REASONED OPINION IS GIVEN.
3) WHY AUDITOR CANNOT CERTIFY FINANCIAL STATEMENTS:
a) The use of testing :ONLY % OF ALL TRANSACTIONS CHECKED-Called 'TEST CHECKING'-
expensive /time constraints.
b) INHERENT LIMITATIONS OF ACCOUNT & INTERNAL CONTROL SYSTEMS: -must place
reliance on clients safety features inherent limitations-no system is 100% foolproof.
c) Audit evidence is usually (Docs etc.) PERSUASIVE not CONCLUSIVE. – eg: documents only
persuade that a transaction took place –not prove it(must rely on documenty!
d) SUBJECTIVITY OF FINANCIAL STATEMENTS & AUDITORS APPROACH to audit.-
i) Eg : Subjective estimates of Eg : Fixed & Current Assets -bad debts /depreciation
impairment,stock obsolescence-
e) SUBJECTIVITY OF FINANCIAL STATEMENTS & AUDITORS APPROACH to audit.-
i) Auditors choice & timing of tests varies one to the next auditor.
LIMITED ASSURANCE ENGAGEMENTS:
International framework for assurance engagements further classifies assurance engagements
into Limited Assurance Engagements and Reasonable Assurance Engagements –further done in
ch 19.
STATUTORY AND NON-STATUTORY ENGAGEMENTS.
1) Statutory Engagements : required by Act of Parliment. eg: 1-company annual audit.
(companies Act) 2-Fin.Institutions Act=bank annual audit
2) Non-Statutory Engagements :NOT required by law. Eg: audited Fin. Stats. For a loan or if
a partnership/C.C. builds into partnership/ association agreement or if a Regulatory Body
requires assurance with Corporate Governance requirements.
AUDITING POSTULATES. 8 OF BY MAUTZ & SHARAF IN PHILOSOPHY OF AUDITING 1961
Definition: Postulate.
Thing claimed as a basis for reasoning, and, Provides a starting point/fundamental
condition as a basis for thinking about things & arriving at solutions.The very
foundation on which the discipline is built.
17
1818 | P a g e Auditing Notes AUDI 101
1) No neccessary conflict of interests exist between the auditor and 1-Management
OR 2-Employees of the enterprise.
a) Both client and auditor want Fin Stats to achieve fair presentation ,management is not
trying to cheat.
b) It becomes impossible to do a conventional (normal) audit if mngmnt are trying to cheat.-
economicly & operationally feasable
c) In current times relevance becoming questionable due to rising fraud etc of mngmnt.
d) For todays times and latest auditing standards newly developed : AUDITOR CANNOT
ACCEPT THIS POSTULATE AS BEING TRUE, HE MUST EVALUATE MNGMNT INTEGRITY WITH
{'PROFESSIONAL SCEPTICISM' –ONE OF PRINCIPLES OF Generally Accepted Auditing
Standards }–NOT BE LED AROUND BY THE NOSE-
e) Similar to (5) – very expensive or impossible audit if Mngmnt Unreliable.
2) An Auditor must Act 1-Exclusively As An Auditor in order to be able to Offer an 1-
Independant and 2-Objective Opinion on the 1-Fair Presentation of Fin. Info. ( to
be INDEPENDANT)
a) Free of bias,independant ,cannot do other work for client eg: accounting.
b) Currently under fire eg: enron+anderson accounting etc.
3) The Professional Status of the independant auditor Imposes commensurate
Professional Obligations.
a) Concepts of 1-Due Care , 2-Service before personal interest , 3-Efficiency ,4-Competence.
4) Financial data is Verifiable.
a) It is possible to verify clients data.- there will be sufficient evidence to support
transactions.
b) Audit Objective of forming an opinion on fair presentation of fin info/ fin stats. Needs
verification or cannot.
c) Eg e-commerce ...must develop new ways of verification.
d) Poor internal controls make fin. Info. NOT verifiable.
5) Internal Controls reduce the Risk of Errors & Irregularities.
a) Makes errors possible not plausible ,eg sequential numbering makes duplication/omission
of source docs. Reduced.
b) The more controls, the less detailed investigation/less samples. Zero controls =cannot do
audit /or very expensive.
6) Application of IFRS results in fair presentation .(international financial reporting
standards)
a) If you adhere to GAAP FRAMEWORK –it results in fair presentation.( not his own personal
preference ,but GAAP)
7) That which Held True in the Past will Hold True in the Future, in the absence of
any Contrary Evidence.
a) Factual historical evidence more powerful than speculation, eg: measure Prov. Bad Debts.
By history of debtors.-But eg: directors integrity may decline.
8) The Fin. Stats. submitted to auditor for verification are free of Collusive and other
unusual Irregularities.
a) Unless contrary evidence, it can be taken for granted that management took steps to
prevent collusion, and they were not involved in any.
b) These Made in1961 –current cynisism- current focus on Corporate Governance –
Introduction of Professional Sceptisism as important prereqiusite for auditors lately –The
objective of auditors is: fair presentation – NOT an all out search for fraud.
THE ACCOUNTING PROFESSION :
1) Professional Status is achieved by the PUBLIC recognising a BODY OF PRACTITIONERS.
2) SAICA says a profession is distinguished by:
a) Professional offers : mastery specialised skills ( by study,practical training)
18
1919 | P a g e Auditing Notes AUDI 101
b) Render services to a High standard of conduct +performance .(Regulatory
mechanism/ regulatory body -laws restricting admittance,freedom from uninhibited
competition, voluntary advancement of profession,ethical code)
c) Accept duties to society as a whole + to client+employer.
d) Objective outlook. Members of profession show ethical commitment above monetary
gain.(peer evaluation not 'most money
e) OF PARTICULAR IMPORTANCE IS PRINCIPLE OF OBJECTIVITY.
f) Integrity + Prof Skills&due care +Objectivity +Confidentiality.
ACCOUNTING BODIES IN SA
1) SAICA S A institute of chartered accountants.
a) Registeredwith IFAC international federation of accountants – looks after interests of
professional accountants.(all types)
2) ACCA Assosiation of chartered certified accountants.
3) CIMA Chartered institute of management accountants
4) IRBA Independant regulatory board for auditors brought intp being by Auditing Profession
Act.to replace PAAB public accountants and auditors board.public accountants and auditors
act was repealed same time
a) Looks after intersts of auditors + pulic + discipline auditor members.
b) ALL AUDITORS must register with the IRBA after passing part 1+2 of saica exam and be
member of saica-AS PER LAW.
5) IAASB- international auditing and assurance standards board formulate the:
6) IFAE :International Framework for Assurance Engagements
7) IFRS –international fin. reporting standards.
8) IFAC (international federation of accountants)
9) ISA –International standards on auditing
PRONOUNCEMENTS WHICH REGULATE THE PROFESSION.
1) In order to ensure high standards of ethics conduct & skill,
a) ISA 200 states ; objectives & general principles governing an audit of Fin Stats. :
i) Comply with IFAC code of ethics for professional accountants
ii) Conduct audit accordance International standards on auditing.
b) Legislation to ensure : ( some examples of 8 or more)
i) Companies Act 2008
ii) SAICA constitution and by-laws.
iii) Auditing profession act 2005
iv) IRBA rules& code
v) IFAC code of ethics for professional accountants
vi) International auditing practice statements(IAPS)
vii) South African auditing practice statements(SAAPS)
viii) International standards on
(1)Auditing(ISA)
(2)Review engagements(ISRE)
(3)Assurance engagements(ISAE)
(4)Related services(ISRS)
THE FINANCIAL STATEMENT AUDIT ENGAGEMENT.
INTRODUCTION.
1) An EXTERNAL Audit Engagement is called an ASSURANCE engagement + must be
conducted by a registered auditor.
2) The OBJECTVE of an AUDIT is (as per ISA 200)
19
2020 | P a g e Auditing Notes AUDI 101
a) Enable AUDITOR to EXPRESS OPINION on whether FIN STATS. , is Fairly Presented.in all
MATERIAL aspects, in accordance with AN IDENTIFIED REPORTING FRAMEWORK –
International Reporting Framework and/or statuory requirements,
b) ISA 200 warns objective is NOT to DISCOVER FRAUD or ENSURE COMPLIANCE WITH
THE LAW.(this is mngmnts responsibility.) Auditor ONLY : " REASONABLE
EXPECTATION of DETECTING SUCH IF they AFFECT FAIR PRESENTATION ie: IF
Fin. Info. CONTAINS MATERIAL MISSTATEMENT.
A MODEL OF INDEPENDANT AUDIT OF FIN STATS ARISING OUT OF
COMPANIES ACT (STATUTORY AUDIT)
1)Statutory laws arose from need to protect investors + economic system as a whole.
2)Most common audit engagement is the audit of private & public companies Fin.Stats. by
registered auditors in public practice.
THE ROLES OF THE VARIOUS PARTIES
SHAREHOLDERS
a) Provide finance for business
b) Appoint directors
c) Appoint auditors (to opinion assertions of directors to shareholders fair)
d) Receive Annual Fin. Stats.
DIRECTORS
e) Running company
f) Reporting results OF THEIR STEWARDSHIP to shareholders.
AUDITOR
g) Independant opinion Fin info. fairly presents fin. Pos + fin Res.
h) Report to shareholdersl
SHAREHOLDE
DIRECTORS
RS
AUDITORS
SUMMARY:
Scan in pg1/16 bottom
21
2222 | P a g e Auditing Notes AUDI 101
INTERNAL CONTROL
INTRODUCTION
1) ISA 315- before an auditor can audit a thorough understanding of a clients internal control
systems should be obtained –(do a walk through)
2) Internal Contols: + acc.sys. produce balances & totals –good acc.sys. = generates good ( 1-
valid,2-accurate,3-complete,4-timeous = “FVACT”) info.
3) Auditor more interested in acc. info. less in other info : eg sales analysis,budgeting
info,marketing info etc.
DEFINITION OF INTERNAL CONTROL.
DEFINITION (PER SAICA BOOKLET :'GUIDANCE FOR DIRECTORS:REPORTING ON
INTERNAL CONTROLS')
Internal Control is a PROCESS effected by the 1- COMPANIES BOARD OF DIRECTORS ,2-
MANAGEMENT AND 3-OTHER PERSONNEL.Designed to provide REASONABLE
ASSURANCE regarding the achievement of OBJECTIVES in the following 3 categories:
i) 1-ECONOMY 2- EFFICIENCY 3-EFFECTIVENESS.
ii) INTERNAL FINANCIAL CONTROL
iii) COMPLIANCE with applicable LAWS & REGULATIONS.
FOUR ASPECTS OF INTERNAL CONTROL FROM ABOVE DEFINITION.
1. Internal control is a PROCESS , a means to an end, not an end in itself.
2. AFFECTED BY PEOPLE ,not just procedures/policies.
3. Only REASONABLE ,NOT ABSOLUTE ASSURANCE.
4. To achieve objectives in 3 CATEGORIES , which are INTERLINKED. (3 in definit.)
(ISA 315). 5 COMPONENTS OF INTERNAL CONTROL (IN CH 7)
1. CONTROL ENVIRONMENT (all):+attitudes,awareness,actions, of those
responsible for governance,mngmnt
2. ENTITIES RISK ASSESMENT PROCESS:
3. INFORMATION SYSTEM :transactions
4. CONTROL ACTIVITIES : actual sys.
5. MONITORING OF CONTROLS : eg internal audit dept.
INTERNAL CONTROL OBJECTIVES.
1) Policies & Procedures (internal controls) to ensure orderly & efficient conduct of business.incl.
controls to :
a) ADHERE TO MNGMNT POLICIES (INCL. APPLICABLE LAWS & REGULATIONS!)
b) SAFEGUARD ASSETS
c) PREVENT& DETECTION OF FRAUD & ERROR
d) ACCURACY & COMPLETENESS OF ACC RECORDS
e) TIMELY PREPARATION OF RELIABLE FIN. & OTHER INFO NECESSARY TO RUN
BUSINESS.
LIMITATIONS OF INTERNAL CONTROL.
1) Cost exceed benefit –limits capacity of int.controls.
22
2323 | P a g e Auditing Notes AUDI 101
2) Directed at routine transactions. –miss non-routine eg sell copier.
3) Human error. – eg: calc. discount after vat.
4) Collusion- eg fraudulent paypacket- collude wage clerk,foreman,personell mngr.
5) Abuse of responsibility over internal control.- eg mngr overrides stop on purchases for
overdue acc.
6) Changes in CONDITIONS causes INADEQUATE controls.- sales clerk not check credit
record/overdue acc. due to volume
THE ACCOUNTING SYSTEM
1) Category of int. controls = 'INTERNAL FINANCIAL CONTROLS'.
2) Collection of TASKS & RECORDS to process transactions to create fin.records
3) Maj. elements = 1-PAPER 2-PROCEDURES 3-PEOPLE 4-COMPUT
4) BUT , to ensure VALID ,ACCURATE,COMPLETE +TIMEOUS ADD: control procedures to
Acc.Sys. (not calc.price,write invoice,enter in sales journal, BUT check customer not overdue
before sale, check calculations, mnthly check if entered in sales journal afterwards.
WHO IS INTERESTED IN WHAT?
INTERNAL CONTROL
FOR THE BUSINESS
AS A WHOLE
OPERATIONS:
ECONOMY INTERNAL COMPLIANCE WITH
EFFICIENCY
EFFECTIVENESS FINANCIAL LAWS AND
CONTROL REGULATIONS
ACCOUNTING CONTROL
SYSTEM PROCEDURES
24
2525 | P a g e Auditing Notes AUDI 101
(a) NON-PHYSICAL : Debtors get legal dont pay status from too long time wait to
pay,with no court action.
(b)Physical :
(2)Prevent deterioration of
(a) NON- PHYSICAL ASSETS eg: debtors get behind in payments.
(b)Physical Assets.
(3)Unauthorised USE , THEFT , LOSS. Eg security
(a) NON-PHYSICAL : limit no. of personell with powers to cash payment / or sell
investment. Or prevent DEBTORS LEDGER from being altered.
(b)Physical :
6) Source Document Design: ('PAPER')
1. Properly designed docs. can assist in achieving good internal control. by have following
features -Esp. Fin Control.
i) Pre-printed – format leaves MINIMUM AMOUNT OF INFO. to be filled in.
ii) Pre-numbered- facilitates IDENTIFICATION OF MISSING /Added FORMS (used by
skelms)–by data entry clerk end week.
iii) Logicaly designed : eg : Prominent 'important info' spaces , + blocks per digit in acc.
no. so allways 10 get put in.
iv) Contain Prominent Block each for 1-authorising / 2-approving / 3-preparer etc etc to
sign in.
v) (a) MULTI-COPIED (vi)CARBONISED SELF COPYING , (vii)DIFFERNT COLOURS
EACH SHEET.-sales clerk fills form for : 1-picking slip to stores 2 +to accounting, all in
one go.
7) Comparison and Reconcilliation.
1. 1-FREQUENT AND 2-TIMEOUS comparison & recons.
2. INDEPENDANT from functions & records kept.
Following 2 make all recons far less effective as a control:
3. AGAIN REVIEWED BY SENIOR PERSONEL.
4. FOLLOWED UP / investigated and pursued.(+ report where it went or auditors fees go
up!).
5. Following recons & comparisons ARE IMPORTANT.
i) Stock & fixed assets to records. Eg: stock cycle counts.
ii) Bank and investments accounts to Bank statements eg bank recon.
iii) Creditors accounts to creditors statements.
iv) Subsidiary ledgers to general ledger.
8) Efficient risk identification & monitoring system : ADDED later from a later chapter
:: eg audit committees, internal control design committees, risk
officer/manager/supervisor/appointee
AUDIT EVIDENCE.
25
2626 | P a g e Auditing Notes AUDI 101
2) Evidence is Cumulative : eg debtors test = 1-debtors circularisation +2-test if debtors
pay( very good evidence they exist!)
3) To calc. quantity of evidence needed =NO hard and fast way ,only :USE professional
Judgement + statistical methods.This is done as part of the "AUDIT PLAN" stage.
APPROPRIATE EVIDENCE.
1) APPROPRIATE means if QUALITY of evidence is enough. Further broken down into:
a) RELIABILITY (source & nature)
b) RELEVANCE (to assertion being tested)
r
2) RELIABILITY : Hierarchy of Reliability of Evidence:
a) Most Reliable =Developed by auditor : eg inspect stock.
b) Reasonably Reliable =Evidence from 3rd party(not client) if 1-Independant 2-
Reputable 3-Competent eg attorney
c) Less Reliable = From 3rd party BUT passed through client. Eg: bank statement.
d) Less Reliable = Evidence from clients SYSTEM and where related controls it passed
through were Effective
e) Least reliable = Evidence provided by client (lacks independance)
f) Written more reliable than oral.(easy denied)
g) Original documents More than Photocopies /facsimiles.
Also, REM these are guidelines, eg if competence +integrity of directors&employees are strong
&acc.sys and internal controls are strong, evidence from client could be very reliable.
Eg sheet to shelf = existance BUT shelf to sheet =completeness.
3) RELEVANCE :
a) Evidence MUST be MATCHED to assetion tested : eg; self stock count=
'existence'+some 'valuation' BUT not 'rights' eg could be uncollected but sold .NOR
'completeness' yet eg must first be traced to records to determine if all were included in
records.
b) Eg tests of controls as to accuracy will not prove validity or completeness.
c) A single procedure could be relevant to more than 1 assertion though.
INFLUENCEING FACTORS IN DETERMINING WHETHER SUFFICIENT APPROPRIATE
EVIDENCE HAS BEEN OBTAINED.
1) THE ASSESMENT of Inherent Risk and Control Risk at the client. :if higher risk – more
evidence from most reliable source needed.
2) THE MATERIALITY Of Item Being Examined :eg if stock is very material – auditor must
get more of appropriate evidence.-why –greater likelihood of material misstatement.
3) Experience from Previous audits (at same client). HISTORY
4) Results of audit procedures ALREADY CONDUCTED. – eg if test of debtors was good ,
then do less other tests.
5) RELIABILITY and Source of info.available. if no reliable tests available, then much more
of less reliable tests must do.
6) PERSUASIVENESS of the audit evidence : eg: evidence gathered on one section of audit
which is Supported by evidence from another section = more persuasive .If it Contradicts it =
less pesuasive.
FINANCIAL STATEMENT ASSERTIONS:
26
2727 | P a g e Auditing Notes AUDI 101
2) Embodiment of Assertions: the financial statements are the EMBODIMENT of the
ASSERTIONS of the DIRECTORS of the COMPANY ,in the PRESCRIBED FORMAT , on the
FINANCIAL RESULTS and PERFORMANCE of OPERATIONS ,which they are managing on behalf
of shareholders.
3) ISA 500R : the auditor should use assertions for classes of transactions ,account
balances,and presentation and disclosure,in sufficient detail to form a basis for the
assesment of risks of material misstatement and the design and performance of further audit
procedures.
4) It is the Auditors duty to gather sufficient evidence to support assertion being audited.
5) Every assertion should be considered for audit, but those assert. presenting highest risk of
MATERIAL MISSTATEMENT by the AUDITOR in his'"OPINION on ... ", must be concentrated on.
27
2828 | P a g e Auditing Notes AUDI 101
DIAGRAM OF ASSERTIONS:
28
2929 | P a g e Auditing Notes AUDI 101
2. Auditor self stock count= 'existence'+some 'valuation' BUT not 'rights' eg could be
uncollected but sold .NOR 'completeness' yet because must first be traced to records to
determine if all were included in records.
3. sheet to shelf = existance BUT shelf to sheet =completeness.
4. Tests of controls specificaly as to accuracy will not prove validity(?occourence /existence? )
or completeness.
THE AUDITORS TOOLBOX:
1. Auditor has ONLY 2 things in his TOOLBOX
a. TESTS OF CONTROLS =to test if control procedures complied with
b. SUBSTANTIVE PROCEDURES. =to test if verify / substantiate 1-TRANSACTIONS
2-BALANCES
TESTS OF CONTROLS
1) CATEGORIES OF TESTS OF CONTROLS:
i) REPERFORMANCE : repeating 1-Wholly 2- In Part control procedures eg: reperform
bank recon.
ii) INSPECTION : verify on docs. if contrl procedures did happen : eg: verify if
transaction authorisation signiture is there.
iii) ENQUIRY; ask person CONCERNED with control procedure as to effective
operation of.,NOT just accept mngmnts word. Eg : find out who performs each
procedure and what they do.
iv) OBSERVATION: watch process/procedure being performed eg:watch what a
receiving clerk does when supplier delivers goods.
2) Tests of Control are performed to obtain evidence of whether
i) Controls suitably Designed to
(1)PREVENT
(2)DETECT
(3) CORRECT material misstatements
ii) Operated effectively THROUGHOUT PERIOD AUDITED.
3) Good results reduce control risk and hence audit risk , then less time need spent on
substantive tests.
4) LIMITATIONS OF : tests of controls:
a) Good when checked but not in the rest of the Fin. Year.
b) Inherent risk? ch7eg 1-only test some 2- subjectivity-auditor own method 3-
5) LIMITATIONS OF : internal controls:
i) Cost exceed benefit –limits capacity of int.controls.
ii) Directed at routine transactions. –miss non-routine eg sell copier.
iii) Human error. – eg: calc. discount after vat.
iv) Collusion- eg fraudulent paypacket- collude wage clerk,foreman,personell mngr.
v) Abuse of responsibility over internal control.- eg mngr overrides stop on
purchases for overdue acc.
29
3030 | P a g e Auditing Notes AUDI 101
vi) Changes in CONDITIONS causes INADEQUATE controls.- sales clerk not check
credit record/overdue acc. due to volume
6) Example:
a) If control procedures in credit purchase procedure are sound- related
balances/transactions rec. will be sound
i) Ie: control when purchase acc and creditors acc debited /reconciled authorised, also
controls at creditor payment and creditor acc. DR etc.
SUBSTANTIVE PROCEDURES.
1) Tests controls cannot provide 100% assure so sustant.tests need be done.
2) SUBSTANTIVE TESTS BROADLY DISTIGUISHED INTO;
a)Tests Of Detail.
b) Analytical Procedures.(very powerful tool)
3) CATEGORIES OF SUBSTANTIVE PROCEDURES:
i) REPERFORMANCE : repeating 1-Wholly 2- In Part same procedures performed by
client eg:debtors age analysis.
ii) INSPECTION : inspect 1-docs+records, or 2-tangible assets eg: inspect fixed
asset to verify existence or inspect . "Confirmation Of Balance
Certificate" from long term loan creditor.
iii) CONFIRMATION + ENQUIRY; :seek info. from knowledgeable person inside or outside
entity
(1) Enquiry : 1-oral or 2-formal written : to inside or outside entity to get 1-
Corroborative evidence or 2-Plain . .. Information did not know.
(2) Confirmation : procedure of obtain response to an enquiry to corroborate info. in
the acc. records.
iv) RECALCULATION : check arithmatic on source docs & records. Eg: check depreciation
calc.
v) ANALYTICAL PROCEDURES : analysis of ratios + trends , then investigate inconsistent
deviations .(statistics)
4) Substantive procedures are performed on
a) Balances Assertions= ; Existence,
Completeness,Rights&Obligations,Valuation&Allocation.,
b) Transactions Assertions= ; Occourence,Completeness,Cut-
off,Classification&Understandability,Accuracy
5) Financial stat. consist of only
a) Collection of balances - bal sheet
b) Summary of totals – inc.stat
6) VOUCHING AND VERIFYING:
a) Vouching: (To Vouch) TRANSACTIONS auditing.
b) Verifying : BALANCES auditing.
c) Example:
i) VOUCH – a sales transaction = inspect docs + enquire discounts + recalculate
ii) VERIFY – a debtors balance = confirmation in writing from debtors + enquiries as to
calc. of prov.bad debts. +reperform aging analysis of debtors.
7) DUAL PURPOSE TESTS : some tests can be a test of control and substantive test at same
time eg: bank recon. Reperform = test of control(recon is a control) and substantive test
(bank balance).
AUDIT SAMPLING
DEFINITIONS:
1) From ISA 530 : 'audit sampling and other means of testing': gives definitions
2) AUDIT SAMPLING
30
3131 | P a g e Auditing Notes AUDI 101
a) application of PROCEDURES to LESS THAN 100% OF ITEMS in balance or class of
transactions ,to EVALUATE AUDIT EVIDENCE on the some characteristic of sample to form
CONCLUSION ON POPULATION
3) ERROR:
a) 1-Test of Controls =Control deviations 2-Substantive testing= Misstatements OR
4) TOTAL ERROR :
a) 1-Rate of Deviations 2-Total Misstatement . AND
5) ANOMOLOUS ERROR:
a) ERROR FROM ISOLATED EVENT,not representative of population.
6) POPULATION :
a) Total set of data from which samples are selected.eg all items in an account balance or
class of transactions.
7) SAMPLING RISK:
a) RISK THAT the auditors conclusion is not true for total population because sample is not
representative of the total population .(Sample could be selected by stat or non-stat
approach-any).There are 2 types of Auditing Risk:
i) Risk 1-tests of control =auditor judges them to be more effective than they actually
are. 2- Tests of Detail- error exists where it does not : this type 1-AFFECTS AUDIT
EFFICIENCY :causes more work for auditor to establish that initial conclusions were
incorredt.
ii) Risk 2-tests of control = auditor judges them to be less effective than they actually are.
2- Tests of Detail- error does NOT exist where it does. : This type2-AFFECTS AUDIT
EFFECTIVENESS : more likely to lead to an inappropriate audit opinion than assesing
risk to be higher than it is..
8) NON-SAMPLING RISK : risk of
a) apply sampling plan incorrectly, or
b) used inappropriate procedure
c) misunderstood results of sampling exercise.
9) SAMPLING UNIT.
a) :INDIVIDUAL ITEMS making up a population eg: cheques listed on deposit slips/credit
entries on bank statements.
10) STATISTICAL SAMPLING :
a) any approach that has following characteristics or it is non-statistical.
i) Random selection of a sample.
ii) Use of probability theory -to evaluate sample results (INCL.MEASUREMENT OF
SAMPLING RISK.)
11) STRATIFICATION :
a) DIVIDING a population into sub-populations each with similar characteristics eg : debtors
balance >1000.
INTRO.
1. Only some items all are tested eg:loans to directors,but mostly sampling is used due to
Resource & Time efficients.
2. Sample results must be EXTRAPOLATED over population(3 mistakes * xxx= 1000 mistakes
total) statistical sampling will result in more defensable results than non-statistical sampling.
3. Other ebvidence is used together with sampling results like a jigsaw puzzle eg: Analytical
procedures on same population.
4. ISA 500 –says auditor must selecyt appropriate means of selecting samples when design
audit procedures.
STEPS IN THE SAMPLING EXERCISE.
1) Determine objectives of procedure
2) Determine procedure
31
3232 | P a g e Auditing Notes AUDI 101
3) Confirm population is appropriate & complete
4) Define units
5) Get sample size
6) Select sample
7) Perform audit procedure
8) Analyse nature & cause of errors
9) Project results over population
10) Evaluate
11)
32
3333 | P a g e Auditing Notes AUDI 101
STAGE 2 : PLANNING:
1) AUDIT STRATEGY :Establish an overall audit strategy.
2) AUDIT PLAN :develop one.to be in a position to develop one audit team must first do
the next 3 things:
3) Obtain Understanding : of Entity and Environment incl. Internal Control.
4) Risk : of Material Mistatement :Assess risk of in the financial statements.
5) Materiality : Determine guidelines.
33
3434 | P a g e Auditing Notes AUDI 101
2- if problems develop in audit then new planning must again be done to implement
additional procedures / audit strategy if needed. –so if you are in stage 3 , you must go
and do some stage 2 things again, but you are already in stage 3.)
(b) CAPACITY :ESTABLISH IF AUDITOR HAS THE CAPACITY / RESOURCES / IF CLIENT CAN BE APPROPRIATELY SERVICED
OR NOT.
(i) Technical Skills -competence in firm or access to other auditors or experts
who do have the skills.
(ii) Resources : -Staff,computers etc.
(iii) Time. – Necessary to complete within deadline.
(iv) Personnel needed to perform quality control reviews.
(c) ETHICAL :Evaluate if Firm can comply with ethical requirements. Eg independance
34
3535 | P a g e Auditing Notes AUDI 101
(i) Conflicts of interest : eg both offer same services to same market.
(ii) Threats to independance :of team,auditor,experts /or if adequate
safeguards possible to stop threats.
(iii) Any other situations ; possible contraventions of Code of Professional
Conduct.
(d) TERMS OF ENGAGEMENT
(i) This is formalising terms of engagement into an engagement letter, and
having it signed.
(ii) Audit commitee of client must understand terms exactly
1. 'Expectation Gap' : Confused if objective is : find fraud / terminology
misunderstand( eg compilation engagement,agreed upon procedure
engagements etc., Or if an opinion is to be given or NOT(eg for a review)
(iii) ISA 210 –auditor right to decide , but client must agree to how audit will be
conducted.
(iv) The 'Letter of Engagement' should contain reference to:
1. Objective :Implied or Stated :ie to express an opinion on the fin.stats.
2. Managements Responsibilities
a. Preparation of Fin.Stats : plus refer to basis of preparation ie: IFRS.
international fin.reporting standards.
b. Accounting Records Maintenance of.
c. Accounting Policies selecting
d. Safeguarding Assets.
e. Internal controls.
3. Scope of Engagement + refer to laws etc eg:ISA's.: outline of what is
to be done.
4. The Form of Reports : that will be produced.
5. Inherent limitations , risk not detecting misstatements : sampling
methods +internal controls
6. Auditors Independance : auditor chooses tests + must be given access
to all info needed.
7. Managements duty prevent illegal acts + auditors duty :
Reportable Irregularities to Gov.
8. Written confirmation of oral representations by client: auditor
expects this from client.
9. Weakness in internal control will be brought to mngmnts attention.
10. Other parties Involvement : experts, previous auditor, other
auditors,internal audit.
11. Other services to be rendered: eg tax – and if delivered late etc.- must
state if clients fault for not providing documents , or if auditors fault , and
penalties etc
12. Name of Auditor responsible : not just the firm, but person himself
responsible.
13. Performance Arrangements : Stockcount dates, meetings dates to be
held.
14. Any Audit Deadlines.
15. Fee's : basis of computation and invoicing arrangements.
16. Must sign letter.
1) INTRODUCTION:
a) ISA 300R "the auditor should plan the audit work so that it will be performed in
an effective manner"
b) AUDIT STRATEGY & PLAN is formulated by : KEY EXPERIENCED TEAM MEMBERS
ONLY
c) Documentation: all Audit Plan + Audit Strategy must be documented for:
i) Reference for team
ii) Proof of proper planning by team
iii) Record of key decision made
d) IMPORTANCE OF PLANNING:
i) Attention -: Plan to give enough to important areas of audit.
ii) Potential Problems : Identify & resolved.
iii) Audit team : Properly assembled
iv) Supervision +Review : and proper review of their work ,of audit team , facilitated
v) On time : completion of work planned
2) QUICKLY READ PG 6/10 , FROM NO . 3, TO 6.12 BOTTOM . VERY FAST - SOME QUICK FACTS . J
iii) FIN POS + FIN PERF + CASH FLOWS FAIRLY PRESENTED. OR NOT .
(1) Accounting policies : 1-IFRS + 2-correctly done + 3-correct for
business type.
(2) Estimates :by client correct
(3) Relevant +Reliable + Comparable + Understandable : acc. Info is / or
Not
(4) Disclosure : whether sufficient to enable users to understand or not.
(5) Statutory Requirements & Regulations : complied or not
38
3939 | P a g e Auditing Notes AUDI 101
4) AUDIT REPORT :
a) Formulate Audit Report. : senior decides , on basis of reviews in course of audit
and final outlook- what type of opinion to give:
i) Exept for
ii) Adverse
iii) Disclaimer
iv) Other additions eg inclusion of an ‘emphasis of matter paragraph.’
(DONE IN CHAPTER ON REPORTING LATER)
39
4040 | P a g e Auditing Notes AUDI 101
2) Remember though : When using auditors toolbox – substantive tests + tests of controls
:same type procedures used
2) As per ISA 315 , the auditor should obtain an understanding of (IN DETAIL,SAME AS ABOVE):
a) of whole industry -INDUSTRY , REGULATORY, and other EXTERNAL FACTORS, that
are Relevant
i) INDUSTRY:
(1)cyclical/seasonal
(2)Risk Profile : high eg fashion /technology –OBSOLETE etc, labour volatility,
boom/recession, competativeness.
(3)Gov.Mometary Policy. : incentives,restrictions,foreign exchange
ii) REGULATORY:
(1)Tax,health, environmental
(2)Accounting policies.
43
4444 | P a g e Auditing Notes AUDI 101
COMPONENT : MONITORING OF CONTROLS:
1) How internal controls are monitored, to ensure they are actually done.
2) If no monitoring, not be long before employees order goods for themselves,write off friends
debt,steal stock etc)
a) Eg:\
i) Regular employee performance reviews
ii) Weekly IT manager srutinises logs+exeption reports
iii) Telesales manager replays recordings check procedure
3) Info. Is Gathered on this by
a) Inspection :Documents on ‘monitoring activities’ /’performance reviews’.
b) Discussion :Internal auditors discuss with
COMPONENT: THE INFORMATION SYSTEM:
1) Auditor wants info on RELEVANT info ie: fin stat , not nonsense, he wants info on:
a) FINANCIAL REPORTING and COMMUNICATION.
i) “Classes of transactions” that are relevant to Fin.Stats.
ii) Procedures : Manual + IT for A-Z ‘initiate transaction to fin stat’‘ process.
iii) Capturing of NON-FINANCIAL info: eg contingent liabilities.
iv) Accounting Estimates + Disclosures
v) Controls over Unusual transaction Journal Entries
vi) Manner fin. Info. Is conveyed to board, audit committee, JSE etc.
b) COMPUTERISED INFORMATION SYSTEM.
i) Aspects of IT sys to Consider for Auditor:
(1)Computerised applications
(a) Which? Eg payroll / acquisitions & payments.
(b)Environment : bureau,micro/network/centralized
(c) Application software : purchased or inhouse ,input sources,important
masterfiles etc.,new/old
(2) Hardware
(a) Makes +types (establish compatability with auditors own system)
(b)Location - factory,branches etc
(3)Software
(a) O.s,utilities,DBms,access control software etc.
(4)Organisation + Control
(a) Internal controls+ personnel structure
(5)Complexities of the System
(a) Complex databases,internet,EFT,LANS,WANS,EDI(electronic data
interchange),
(6) Level of Dependence (on system by client) : eg wages , if broken -
disruption
ii) Risks to Internal Control:
(1)Programming Errors : eg calc.vat incorrectly.
(2)Unauthorized Access to data : could delete/contaminate entire masterfile
etc!
(3)Unauthorised Changes to data:
(4)IT personell fiddling data eg salaries.
(5)Instantaneous Fraud Processing: eg eg funds transfer.
(6)Data non-access from system failure.
iii)Risks to IT System
(1)New employees
(2)Rapid growth
(3)New technology
(4)Introducing new business models
44
4545 | P a g e Auditing Notes AUDI 101
(5)Corporate restructuring
iv)How auditor gathers Info on system:
(1) Observation.
(2) Inquiry (+questionaires)
(3) Discussion (past auditor, mngmnt,outsiders,software providers)
(4)Discussion (Internal Auditor + review their workpapers)
(5)Trace info through system.
(6)Flowcharts inspection
SIGNIFICANT RISKS
NB
1) Definition; ISA315 :risks that require : Special audit consideration
2) Classed as: low medium high , or specific or pervasive , increased or decreased
3) Must have some or all of Following Characteristics:
1. Fraud :Risk–to do with risk-
2. Events :Recent + Significant Related to in economic,acc,other –to do with risk-eg new
IFRS standards, recession etc.
3. Complex :transactions From–to do with risk-merger/acquisition/unbundling
4. Related : parties , significant transactions with –to do with risk- eg: inter-company
transactions
5. Estimation :/ Subjectivity/ High degree: in measurement of fin. Info. –to do with risk-
estimate provision bad debts.
6. Outside Normal Operations :/unusual Transactions –to do with risk-eg: BEE
transactions
2) Auditors Response to:
1. Experienced staff
2. Supervision More
3. Professional skepticism Emphasise team
4. Surprise visits : add more unpredictability elements –
5. Change Audit : make plan different to in past
45
4646 | P a g e Auditing Notes AUDI 101
PLANNING MATERIALITY AND FINAL MATERIALITY
1) ISA320 says Auditor must consider materiality at 2 places:
a) PLANNING STAGE:when determining nature,extent + timing of testing (planning
materiality)
b) FINAL STAGE :when evaluating the effect of any misstatement (final materiality)
46
4747 | P a g e Auditing Notes AUDI 101
(2) Do not regard as Material : client says it would not influence a user
(3) Directors Crooking the Books : eg want some ratio, so get stubborn
(4) Regard it as ‘too much hassle’ to make changes. : all the fin stats
(5) Do not care if Fin Stats. Are Qualified. :stuff you
FACTORS TO BE CONSIDERED IN EVALUATING UNRESOLVED AUDIT DIFFERENCES
i) Known errors and likely errors : known = sales invoices wrong period(strong
ground) Likely= provision bad debts(weak ground for auditor)
ii) Misstatements should not be considered in isolation: seek patterns
iii) Statutory and other contractual obligations :eg directors emoluments,contractual
obligation need keep fixed ratio
iv) Nature of the misstatement.: eg: IFRS standards important, misallocate expense
less, director cheat more,
v) Impact of the misstatement: Specificly on Popular figures & ratios eg :EPS
(earnings per share)
vi) The absolute and relative size of the misstatement.: if 1 milllion is Relatively –
unimportant , But Absolutely – just too much , then auditor takes action anyway.
Basicly , to overlook some misstatement because client will be unhappy is Unprofessional.
CONCLUSION
1) No magic formula, takes years of experience , confidence grows as experience increases.
AUDIT RISK.
INTRO:
1) As per International Framework for Assurance Engagements :assuance engagement
a) Definition: (AUDIT) RISK is “ the risk that the practitioner expresses an
INAPPROPRIATE CONCLUSION when the subject matter info. is MATERIALLY
MISSTATED ”.
2) As per ISA200 :
a) Definition: (AUDIT) RISK is “ the risk that the practitioner expresses an
INAPPROPRIATE CONCLUSION when the subject matter info. is MATERIALLY
MISSTATED in the FINANCIAL STATEMENTS ”.
3) So it is just the risk the auditor gives an UNQUALIFIED OPINION if he should have given a
QUALIFIED OPINION.
THE RISK BASED APPROACH TO AUDITING
The auditor identifies the fin stat assertions at risk of misstatement and plans the audit in such
a way that it reduces this risk to an acceptable level
.
THE COMPONENTS OF AUDIT RISK:
NB
1) Per ISA 200 audit risk has 3 components
INHERENT RISK :
1) Is NOT controllable by auditor
1) Built in risk eg: complex transaction calc’s MORE than simple transaction calc’s, or
jewelry value more than cricket bat value.
CONTROL RISK
2) Is NOT controllable by auditor
1) If Internal controls do not do their job properly. Due to :1-Good=Costly ,2-Non
routine transactions, 3-Human error 4-Collusion 5-Abuse =Mngmnt Override 6-
Change (upswing in sales)
47
4848 | P a g e Auditing Notes AUDI 101
2) Overcome by put control activites in place: eg segregation duties, access control,
control environment.
DETECTION RISK
3) Is controllable by auditor – if inherent + control risk is high , he must increase
experience staff,or no. of samples, etc, to reduce detection risk.
4) May arise because 3 reasons: auditor
a) Selects :an Inappropriate audit Procedure
b) Misapplies :an Appropriate procedure
c) Misinterprets :results of a test
ASSERTION LEVEL:
1) Possible reasons:
a) Account Type : eg involve high degree of estimation: stock count fresh
vegetables,or provision bad debts
b) Complex Transactions : eg sale &leaseback , contract accounting
c) Estimation /Judgement Involved : bad debts provision
d) Asset Vulnerability : eg cash
e) Near Year End :of fin period.Unusual OR Complex transactions : to manipulate
transactions.
f) Non-Routine/Unusual Transactions: sale of old assets
g) Other could be added eg: mngmnt integrity(completeness assertion
:liabilities) /technology obsolete stock(valuation assertion: inventory )
etc.
2) Possible solutions:
a) Address the risk relating to possible assertion directly eg: more samples , or get
expert to valuation assertion for technology stock.
48
4949 | P a g e Auditing Notes AUDI 101
RISK AND MATERIALITY
1. (AUDIT) RISK : Is “ the risk that the practitioner expresses an INAPPROPRIATE
CONCLUSION when the subject matter info. is MATERIALLY MISSTATED in the
FINANCIAL STATEMENTS ”.
2. MATERIALITY : When making a decision based on Fin. Stats. : the judgement of a
reasonable person would be effected
a. Reasonable person/user =
i. Reasonable knowledge of Business and Economic Activities and Accounting.
ii. Willingness to study information with Reasonable Diligence
ASSESSMENT OF AUDIT RISK
1) The more checking up it takes for something , the higher the misstatement risk and
thus higher AUDIT RISK.
2) Eg: a leased asset attracts more risk of misstatement than a bought item because
there is more checking up to be done: assertion : valuation(more) + rights(more) +
existence (easy) .If you add incompetent financial manager,then the risk is even
higher.
LEVELS OF RISK
1) TYPES OF LEVELS:
a) ISA’s only give ‘significant’ Definition; ISA315 :risks that require : Special audit
consideration
b) Some audit firms have : high,medium,low
c) Some have :pervasive
d) Some have increased or decreased
49
5050 | P a g e Auditing Notes AUDI 101
THE AUDITORS RESPONSIBILITY TO CONSIDER FRAUD IN AN
AUDIT OF FINANCIAL STATEMENTS.
INTRO:
1) Due to increase in fraud worldwide eg: enron.parmalat,leisurenet ,auditing profession
responded by amending ISA.’s In past objective of audit NOT to discover fraud(see
postulates of auditing) but to express opinion on fin stats to increase confidence.The primary
objective is still not to discover fraud, but more emphasis has been placed on this.
2) Recent developments in Auditing to respond :
a) ISA 200 : ‘Emphasise Professional Scepticism’
b) Isa315 ‘assesses the risk of fraud’
c) Isa330 ‘respond to assessed risk ‘
d) THE MAIN ONE:
i) ISA 240R Title: “The auditors responsibility to consider fraud in an audit of fin stats.”
States objective of auditor is to:
(1)Consider fraud when identifying and assessing risk of material misstatement
(2) Respond to assessed,identified, or suspected risk.
50
5151 | P a g e Auditing Notes AUDI 101
KNOW ALL OF (iv) below per lecturer
iv)MANAGEMENT OVERRIDE (particularly where controls appear to be
operating effectively)
(1) FICTITIOUS JOURNAL ENTRIES –eg fictitious sales in journal
(2) JUDGEMENTS/ESTIMATES - eg understate asset impairments
(3) YEAR END DATE : Omit /Advance /Delay recognition of transactions at
balance sheet date. Eg Premature recognize profits on long term contract,
or include sales from following year in current fin year to inflate ‘sales’
(STOP THIS BY GOING ON YEAR END DATE AND WRITING END ON LAST
SALES DOCUMENTS SO YOU CAN CHECK NUMBERING AFTERWARDS)
(4)DISCLOSURE of FACTS : Hide disclosable facts ; eg a claim for damages agaist
company
(5)COMPLEX TRANSACTIONS : structured to MISREPRESENT financial PERFORMANCE
/POSITION of company. Eg manipulate inter-company balances in a group to
‘reallocate profits’.
(6)ALTERING RECORDS /or TERMS relating to significant or unusual transactions.
b) Eg: directors deliberately understate liabilities and overstate assets to secure a loan, or
manipulate earnings to reduce taxation , or to get performance bonus’s.
Eg: if you sign on delivery invoice for goods received ,it is easy to commit fraud, just slip in a
false delivery note.stop this by using a ‘goods Receiving Note’ : sequential numbering hard to
slip in a duplicate.If no numbering though- just print a new document then slip it in ,+ must use
special printing & special paper, to stop photocopying.
RESPOSIBILITY OF MANAGEMENT AND THOSE CHARGED WITH
GOVERNANCE:
NB
1) Responsibility for the 1- Prevention 2-Detection of fraud lies with those charged with 1-
governance 2- management
2) Strong control environment – responsibility also rests with those charged with 1-governance
2- management .
3) Management responsible for Concious assessment of of risk of fin stats materially misstated.
AT ASSERTION LEVEL:
1. Nature ,timing ,extent :consider of tests to minimize risk of misstatement in
assertions
2. Nature ,timing ,extent ;
2.1. Remember difficult to detect concealed things
2.2. Strong evidence : must get strong, not weak, evidence for any serious
allegations.
3. CORROBORATIVE Multiple tests : experts+observation+inspection+analytical
review +element of Unpredictability. +CAATS(find duplicate bank acc. No. for fake
employee payroll scam)
52
5353 | P a g e Auditing Notes AUDI 101
MANAGEMENT OVERRIDE:
CHARACTERISTICS OF FRAUDULENT JOURNAL ENTRIES:
1.1. Unusual Accounts :entries made to unusual,unrelated,or seldom used acc’s
1.1.1. Nature+Compexity : eg not reconciled regularly ,or acc .with no
specific purpose eg slush funds.
1.1.2. Normal course of business : ie non- recurring ,not subject tostandard
internal controls.
1.2. Other People :passed (entered/done)by people who normally do not do journal
entries.
1.3. Narrations: Not supported by adequate reasons,explanations or descriptions
1.4. Ledger :Not posted to ledger, but direct to fin stats(loss of audit trail.)
1.5. Round Amounts : Or Consistent Ending Numbers only.
2. Journal Internal Control : Entries authorisation : concentrate on entries where
controls are weaker
3. End Year adjustments: procedures to check journal entries & adjustments.
4. Fraud Risk Factors : consider these, eg if there is already an assessed risk debtors
payment embezzeled & written off as bad debt.
5. Weak Internal Controls Unusual transactions :Significant transactions outside
normal course of business eg: purchase firm which makes different products.
EVALUATION OF EVIDENCE:
1. After initial audit procedures : reconsider initial assessment of risk of
misstatement again ISA 240 (redrafted gives lengthy list of circumstances to
consider:eg
1.1. Acc records discrepencies :non-timeous recons, unauthorized trasactions eg
travel expense,unneeded access to records possible by eg foreman,tips
/complaints
1.2. Conflicting evidence : unexplained recon items,unusual ratios eg commission
up but sales same,implausible explanations from employees,excessive
charges /payments to eg lawyers/suppliers
1.3. Missing evidence missing purchase orders,
1.4. Management-auditor : Problematic or unusual relationships between
auditor and : deny access to records,overd:one time pressures,intimidation of
team,unwillingness to allow (reasonable)CAATS.etc
2. Consider if un- fraud- like misstatements could be intentional ,esp. if their
effect on fin. Stats. Is very significant.
MANAGEMENT REPRESENTATIONS:
REPORTABLE IRREGULARITES ABOVE 100 000
The law says you must report any fraud over 100 000 must be reported, not dealt
with in-house,or else you are seen as being part of the fraud.
53
5454 | P a g e Auditing Notes AUDI 101
54
5555 | P a g e Auditing Notes AUDI 101
1.1. Non-Same auditor Related Party transactions :significant transactions
inter-group
1.2. Firm Dominates industry sector :allowing firm to dictate conditions to
suppliers resulting in inappropriate transactions.
1.3. Estimates: where difficult to corroborate estimates could be used to
manipulate results (assets, liabilities, revenue, expenses)
1.4. No clear business justification: all business methods with –eg import
through a neighbouring country.
ATTITUDES/RATIONALISATIONS:
1. Enforcement of Ethics :Ineffective enforcement of firms values and ethical
standards.
2. Non-fin Mngmnt Accounting policies + Estimates : non- financial
managements excessive participation. In determining
3. History of law/fraud allegations: any regulations or fraud eg insider trading
4. Share price/earnings trend :Excessive interest by mangmnt in increasing
/maintaining entitys share price/earnings trend
5. Tax :Interest by mngmnt in unappropriate means to minimize reported earnings for
tax : eg understating sales.
6. Personal/business transactions : No interest in differentiating eg: takes holidays
& charges company.
2. INTERNAL CONTROL:
2.1. Inadequate segregation of duties
2.2. Lack of management supervision : eg goods into /out stores with no
supervision.
2.3. Poor personell practices : screening for sensitive jobs (incl. storeman)
2.4. Recons: inadequate record keeping for the coming recon of assets, or asset
recon itself inadequate.
2.5. Lack proper purchases authorization.
2.6. Physical safeguards : poor over assets
2.7. Timely and appropriate documentation for transactions: lack of eg: let
customers take goods but do paperwork later.
2.8. Mandatory vacations employees in key control positions: they normally
do not want to take a holiday because they cannot cover up in that time.
2.9. Senior management expenditures: inadequate authorization,review and
control eg: travel claims.
2.10. IT personel ‘do what they want’ : esp. if Mngmnt has inadequate
understanding of IT: IT personell might change debtors balances in
masterfile.
ATTITUDES/RATIONALISATIONS
1. Factors which indicate employees have a relaxed attitude to control, or to
misappropriation of assets.
1.1. Control Environment :poor : eg Ignore theft incedents, Overriding controls.
1.2. Lifestyle changes: Mngmnt suddenly takes expensive holidays.
1.3. Dissatisfaction Behavior: by employees indicating displeasure at
treatment or at entity itself.
56
5757 | P a g e Auditing Notes AUDI 101
b) Those charged with governance: Audit committees + {BoD is the
ultimate level charged with governance}. + And Audit committees (law says
public companies must have one) Folowing matters MUSt be reported to these
?2?:
i) INTERNAL CONTROL MATERIAL WEAKNESS (mngmnt is not doing their job)
ii) Questions regarding mngmnt integrity
iii) Mngmnt fraud
iv) Other fraud resulting in material misstatement of fin. Stats.
c) Regulatory and enforcement authorities:
i) Confidentiality stops auditor from reporting to 3rd party exept:
(1)To IRBA as per Act(law)
(2)Court or statute requires certain disclosure
(3)Client gives permission
d) Proposed successor auditor:
i) If permission not granted by client to discuss with proposed new auditor
then old may not discuss with new auditor ,but he must say permission has
not been granted.
57
5858 | P a g e Auditing Notes AUDI 101
58
5959 | P a g e Auditing Notes AUDI 101
59
6060 | P a g e Auditing Notes AUDI 101
(i) Widening Risk to incl. Users: Employees in user depts. Needed some
computer skills, so corresponding widening of risk to include them, not just
‘boffins’ in computer dept.
(ii) Facilities and data risk spread : hardware + data access by many more
depts. widened this risk too.
USE OF MICROCOMPUTERS/PERSONAL COMPUTERS
(a) Next stage : explosion of small businesses using self contained computers to do
accounting etc.
(b) Segregation of duties: far less since 1 person could do all easily.Very Risky if
alternative controls not put in place eg: accountant deletes debtors and keeps
payments.”Physical Audit Trail” missing now.
NETWORKED SYSTEMS
(a)Definition: number of pc s linked together by data cable, each has own powerful
processing capabiliteies, but can share networked computers data and
processing power.
(b)Characteristics:
(i) Power: combined processing power and storage of each together is
considerable.
(ii) Security is Demanding : far more demanding since each computer has
access to all other’s data etc.eg employee can alter his wage record.
(iii) Computer knowledge : Sophisticated software neede so a high level of
knowledge is needed to run it.
USE OF OUTSIDE SERVICE PROVIDERS
(a) Similar to a centralized IT dept. but run by another firm.Very common example is
a ‘computer bureau”Information can be delivered /collected in hardcopy or
magnetic tape or electronicly.
(b)Implications of using this type –characteristics:
(i) Natural Segregation of Duties
(ii) Security is dependant on bureau – makes business vulnerable here.
(iii) Transfer of Information. Controls : these controls must now be very strong
–back and forth..
SUMMARY
(1) An Entity may have a mixture of all these systems , lans,wans, networks, central,
and use a service bureau for wages to enhance confidentiality and security , etc
etc .controls must be designed to fit the user, a large organization will use all the
controls, a small one far less.
A
(2)a
INTERNAL CONTROL IN COMPUTERISED ACCOUNTING SYSTEMS
1) The 7 (+1 = controls monitoring,review,development) characteristics of good internal
control as applying to computer environment:
i) THE CONTROL ENVIRONMENT :
(1) increases the need :Intoduction of computers increases the need for good
control environment.
ii) COMPETENT TRUSTWORTHY STAFF:
(1) Trustworthy: needed because of potential of destruction/manipulation of
data.
60
6161 | P a g e Auditing Notes AUDI 101
(2) Competent :important because of skill needed ,for common users as well as
specialized I.T. staff.
iii) SEGREGATION OF DUTIES;
(1) Danger : makes it possible for 1 person to do all the duties at once,lessens
segregation.
(2) Capabilities of computers that can enhance segregation of
duties:
(a) PC Restricted access: can be set to restrict access to certain files and
programs to certain PC’s only.
(b) User Restricted Access: can set to restrict access to data&programs to
certain users.
(c) Level of access : read only / write only /
(d) Log: record of who accesed what +when.+ log any entries = leaves an
audit trail.
iv) ISOLATION OF RESPONSIBILITIES :
(1) Unique user id’s :Can computer can isolate who did what and when.: by
this allow 5 people to use 1 pc for different purposes,and the above types,
v) ACCESS CUSTODY CONTROLS:
(1) Information =ASSET :eg destroy debtors masterfile,make electronic
payments, etc.
(2)info can be regarded as an asset which must be controlled/guarded in same
way
(3)Computers can enhance : this by features eg: regular mini – stock counts
(cycle counts) to recon theoretical to actual.
vi)SOURCE DOCUMENT DESIGN:
(1)Equally important in computers, processes what is fed, good doc design
minimizes errors at source already.
(2) Note: no signitures,no coloured paperwork copies carbon, etc.
(3) Effective pre-numbering: when on-screen , each doc should be pre-
numbered!
(4) For hardcopy distribution : (printing) requirements for multipart stationary
should be satisfied.
(5) ‘On Screen‘ good design Achieved by :
(a) Mandatory fields ; before can continue
(b) Alpha numeric checks : wrong letter
(c) Screen dialogue: eg have you Confimed order details.
(d) As little as possible: to be keyed in by capturer, rest auto by system(less
mistakes)
(e) Select & click : only the desired options for data entry are allowed.
vii) COMPARISON AND RECONCILIATION:
(1)A strong computerized acc system should promote frequent reconciliation
and comparison.eg:
(a) Input-output
(b)Theoretical-actual eg stocktake
(c) Progammed computer to do auto -own recons as well.
(2) Timely and comprehensive accounting info makes frequent ®ular
recons +comparisons possible.
FACTORS PECULIAR TO COMPUTERISED SYSTEMS WHICH THE AUDITOR
SHOULD BE AWARE OF.
Watch for exam question:contrast a manual and computer system
(1) Lack of audit trail : could be only in machine readable form,or only exists short
period in some.
61
6262 | P a g e Auditing Notes AUDI 101
(2) Lack of segregation of duties :
(3) Potential for errors an irregularities
(a) Development + Operation + Maintenance needs more skill and detail so
potential for human error
(b) Visible evidence: one can gain access and alter data without visible
(c) Decreased human involvement : means less chance of spotting errors
(d) Software Design errors: remain undetected for long, or exploited by those in
the know.
(4) Initiation or execution of transactions may be automatic : eg interest rate
increases on a savings account once a certain balance is reached.
(5) Dependence of other controls on computer processing : eg: when account
balance debtor check before sale is made, if masterfile tampered with, it could lead
to extra bad debts.
(6) Uniform processing of transactions : if error in program, all transactions will be
wrong eg: extra vat calculated etc.
(7) Potential for increased mngmnt supervision: appropriate software – eg sales
reports,analyses, expense fluctuations,stock movement reports.
COMPUTER AUDITING
DEFINITION OF A GENERAL CONTROL:
1) All controls in a computerized centre are classified as either 1-General or 2-Application
controls.
2) Definition: General Controls: Span across all applications.Establish an overall
framework of control for computer activities.Must be in place before any processing of
transactions takes place.
3) Definition: Application Controls :relevant to a specific task within the accounting
system eg wage cycle, purchases cycle,
CATEGORIES OF GENERAL CONTROLS
1) Control environment and security policy
2) Organizational structure and personnel practices
3) Standards and standard operating procedures
4) System development controls
5) Program change controls
6) Continuity of operations
7) Access controls
8) Documentation.
CONTROL ENVIRONMENT AND SECURITY POLICY:
CONTROL ENVIRONMENT
1) As per normal for control environments , especially the following for I.T.
a) BoD IT representation: “IT Committee” preferably ,all new IT matters referred
to them.
b) Internal Control System : incl. an Internal Audit Dept. if possible + embrace
characteristics of good internal control
c) Mngmnt style : that promotes good controls.
d) Organizational structure : that promotes to good controls.
CONTROL ENVIRONMENT
1) For Hardware +Software ONLY:A Policy ,not Procedures, must be developed, must
be DOCUMENTED. Characteristics should be :
a) Least Priveledge: clerk cannot access things he does not need to.
62
6363 | P a g e Auditing Notes AUDI 101
b) Fail Safe : if one control fails, another takes its place : eg log in software fails,
system shuts down.
c) Defense in depth : combination of controls ,not just one, eg ATM , no more than
balance total give out, in case it spews out thousands.-sommer add a control.
d) Logging: NOT an EFFECTVE measure unless regular and frequent review/AND
follow up action .All access,all changes etc.
ORGANISATIONAL STRUCTURE AND PERSONNEL PRACTICES
1) Should achieve 2 major objectives :
a) Clear Reporting Lines / Levels of Authority
b) Lay foundation for segregation of duties,so no staff perform incompatable
functions. :1- segregate IT and user depts., 2- segregate users within dept.
ORGANISATIONAL STRUCTURE
2) Sound ORGANISATIONAL STRUCTURE for an EDP/IT Dept :
3) The following chart illustrates following important segregations of duty: note main
principles used below for chart.
a) 1- SEGREGATE I.T. AND USER DEPTS.,
i) Authorise :No transactions to be authorized by IT dept eg: wage increase
rate, purchase order (to put on system, or otherwise)
ii) Access :No IT staff have access/or custody of PHYSICAL ASSETS eg stock, or
UNCONTROLLED ACCESS TO NON-PHYSICAL ASSETS eg debtors masterfile.
iii) Resposible : ONLY responsible for correcting errors in processing+operating
problems, for other corrections (eg in books) ONLY assistance if by request
from user departments.
4)
BoD
Board of
Directors
Steering
Commitee
IT Manager
Application
Development Technical Help Desk
Security
and Administrators /Operations
Programming
PERSONNEL PRACTICES:
(1)Very important to have good personnel practices in IT .( nerve centre)
(a) Background check,competence checks
(b)Password,access exclusion if dismissed.
(c) Compulsory leave : crookery discovered when they are missing to cover up
(d)Training and development
(e) Terms of reference: written personnel policies and practices.
(f) Rotation of duties: boredom, learn other tasks, catch out. Do not compromise
segregation of duties though.
STANDARDS AND STANDARD OPERATING PROCEDURES
STANDARDS:
(1)Eg ISO 9000 , and ISO17799 : standards for security ertc. In IT depts..
(2)Makes sure
(a) Compatability with other systems /companies
(b)Communicate requirement for good consistent practices with IT mngmnt .
STANDARD OPERATING PROCEDURES:
(3)Prodedures over everyday Operations: compliance with standards and current
standards should be frequently reviewed to ensure up to date,in touch,protected.
(a) Scheduling of jobs : eg wages on thurs for payout fri.
(b) Equipment operation and maintenance. : eg log out, not switch off at plug.
(c) Machine serviceing: eg printer every 1000 copies etc.
(d) Job run procedures: not left to own devices but instructions
(e) Activity logs: as before
(f) Personnel habits and tidiness: eating ,drinking ,smoking etc- protect equip-
neatness standards: less loss eg flash disk.
(g)Library(physical) : tapes etc. : label,access,issue,inspection,duty segregation.
SYSTEMS DEVELOPMENT CONTROLS (NB KNOW VERY WELL)
DOUBLE NB
3) For a new system eg payroll or internet shop, new hardware,software,OS,procedures
etc must be got
4) RISKS:
i) Costs get out of control
ii) Sytem design end up does NOT suit user at end.
iii) Errors,bugs
iv) Business analyst incorrectly implements accounting procedures etc
v) Not enough controls implemented- users access too easy etc.
vi) No-one knows how to use it
vii) Transfer info old to new system causes errors.
5) To avoid these risks , following controls must be implemented: know well as per
lecturer:
64
6565 | P a g e Auditing Notes AUDI 101
i) STANDARDS : eg ISO 9000 , + check compliance
ii) PROJECT APPROVAL: steering committee must approve, feasibility study in-
house or off-shelf +cost vs benefits.
iii) PROJECT MANAGEMENT :KNOW well lecturer : 1-project team 2-
stages/milestones/deadlines 3-progress monitoring + 4-prog. monit. reports to
steering commitee
iv) USER REQUIREMENTS : business analyst + auditors consult(int +ext) +
mngmnt of depts. sign off approval
v) SYSTEMS SPECIFICATIONS AND PROGRAMMING : specifications
documented + programming by international standards –flow chart etc.
vi) TESTING : debugging, test data run, integration other programs, if users
happy
vii) FINAL APPROVAL : test results approved by all involved, + final all users-
mngmnt-IT-internal audit approval
viii) TRAINING :schedule for training with times for all users, manuals updated.
ix) CONVERSION: following controls to ensure DATA is
VALID,ACCURATE,COMPLETE
(i) CONVERSION PROJECT: seen as a project in its own right
(ii) DATA CLEANUP: thoughrouly checked before conversion eg stock
count
(iii) CONVERSION METHOD:
1. parallel OR
2. phases OR
3. shut down old start new
(iv) PREPARATION AND ENTRY:
1. File comparison – old to new data +resolve discrepencies
2. Reconcile old/new using:1- Record counts & 2-Control totals.
3. Use programmed Limit checks etc. to identify problems and follow
up
4. user approval per dept if correctly done,
5. confirm all balances with customers/suppliers etc.
x) POST IMPLEMEMENTATION REVIEW: :users+auditors+ IT for several
months : documentation/sys dev. success or not/bugs/
PROGRAM CHANGE CONTROLS
(1) You want valid + accurate + complete information.
(2) When changes are made to computer programs/ + sytems :Use following controls
to ensure above. For “program maintenance”
(a) Similar standards as for system development controls (above)
(b)Documented , Preprinted ,Prenumbered : change control forms.
(c) Change requests: approval by 1- IT manager 2 user dept.
(d)Done by programmers, NOT operators.(separation of duties)
(e) Make it a Mini project
(f) Change a development (test) program first, not the real one.
(g)Test by programmer+ senior use debugging tequniques
(h)Changes : users + internal audit must sign change form control.
(i) Documentation updated
(j) 1-Logging: of changes dine to it by computer + 2-independent tech operator
puts program on(separation of duties)
(k) Review of log by it manager to check no extra changes were made skelm in the
process.
65
6666 | P a g e Auditing Notes AUDI 101
P
APPLICATION CONTROLS:
INTRO:
(1)GENERAL CONTROLS & APPLICATION CONTROLS
(a) General = for all applications and the sytem eg hardware, other software etc etc
(b) APPLICATION CONTROLS: only for the software : programs & procedures to
satisfy users for 1 task eg: payroll
(2) Suggested framework for application controls: = 10 KEYWORDS:
(a) Masterfile Amendments
(b) Input , Processing ,Output
(c) VAC: Validity Accuracy, Completeness.
(d) Prevention, Detection, Correction.
(3) When input/output/ processing is more real time than segregated(tech), we
(a) More access+programmed controls , less manual controls
(b) More Preventative , less than detective+corrective.
i. Eg: get details of a airline booking correct before its processed(for
both above)
DEFINITIONS:
NB
(4) An APPLICATION : a set of procedures and programs , ,designed to satisfy
users for a specific task eg payroll cycle(cycle link)
(5) APPLICATION CONTROLS : over input,processing output of fin info , relating
to a specific application ,to ensure VAC :Valid Accurate Complete.
(6) TRANSACTION FILES: files to STORE DETAILS of individual transactions
(7) MASTER FILES: files only to store 1-standing information + 2- latest
balances : need tight control
(8) MASTERFILE AMENDMENTS : changes to
(9) VAC: VALID , ACCURATE, COMPLETE (objective of controls in computerized environment is
VAC)
(a) VALID: transactions&data : not 1-fraudulent/fictitious 2-in Accordance
activities actually authorized by mngmnt.
66
6767 | P a g e Auditing Notes AUDI 101
(b) ACCURATE; transactions&data: are correctly 1-
captured,processed,allocated to 2-minimize errors
(c) COMPLETE: transactions&data: not omitted or incomplete
(10) PREVENTION, DETECTION ,CORRECTION : (just the stage at which controls are
implemented to achieve objectives of VAC))
(a) PREVENTION : controls to get errors BEFORE input/process/output (check
before input)
(b) DETECT :controls to detect errors ALREADY IN SYSTEM + RESOLVE.
(c) CORRECT :controls to RESOLVE ERRORS&PROBLEMS already identified by
detection controls
INPUT, PROCESSING, OUTPUT:
NB
(11) Application Controls : are Various controls , designed to ensure info on comp.acc
sys. Is VAC , which means controls at stages of input/processing/output stages
(12) Diagram: masterfiles - programmes - processing – output : see pg 8/26
(13) INPUT: data inputed to computer by:
(a) Manual source docs
(b)PC/keystroke entry
(c) Barcode scanning
(14) PROCESSING: info to masterfile, Application programmes use this to
processing, controls to 1-program error 2-hardware/software malfunctions
(a) HARDWARE MUST FUNCTION PROPERLY : regular servicing,treatment,ie
auditer worry
(b) INPUT: TRANSACTIONS MUST BE VAC : computer processes whats fed to it:
so need General Controls (eg good source docs)+ Application
controls(foreman authorize clockcard)
(c) MASTERFILES: very important eg alter salary.
(d) PROGRAMMES: gives what fed, so general controls eg sytems
development/implementation contrls
(15) OUTPUT: eg hardcopy/e-mail/store : Controls to:
(a) Integrity : Preserve data integrity
(b) Effective Use :Ensure of reports
(c) Confidentiality :Ensure
PROCESSING METHODS:
NB
(1) 3 types of controls
(a) BATCH ENTRY ,batch processing/update
(i) First on Source Docs
(ii) In batches of eg 25 : entered on computer to store at efficient/convenient
time, to update masterfile immediately
(b) ONLINE ENTRY, batch processing/update
(i) First on directly on PC
(ii) Stored on transaction file, later batches of these files are updated to
masterfile.
(c) ONLINE ENTRY, real time processing/update
(i) First direct on PC
(ii) Stored and also Masterfile updated in Real Time eg airline seats available
(2) Todays esp. SME ,Commercial packages incorrectly configured to not do
programmed controls are a risk.
67
6868 | P a g e Auditing Notes AUDI 101
APPLICATION CONTROL FRAMEWORK : MASTERFILE AMENDMENTS
NB
VAC CONTROL
OBJECTIVE
(3) VALIDITY: 1- Program Checks
2-Assess To Source Docs
3-Access Controls
4- Authorisation
5- Independent Checks
6-Logs And Reports
68
6969 | P a g e Auditing Notes AUDI 101
2. Program Checks
(ii) ACCURACY:
1. Screen aids
2. Program checks
(iii) COMPLETENESS:
1. Screen aids
2. Program checks
3. Post Entry Batch control
71
7272 | P a g e Auditing Notes AUDI 101
(h) Logs and reports
(i) Audit trails: eg intrest or PAYE rates used/ or summaries + list transactions
(ii) Run to run balancing reports – see above
(iii) Override reports- abuse of privaledges
(iv) Exception rports- outside parameters set for control purposes eg wages >
40 hrs
(v) Before and after images- database images before/after updates in case
error
(vi) Activity reports-usage times etc per user on pc, using resource
(vii) Computer generated transaction listing- all automaticly generated re-
orders/purchases by computer
(viii) Access & access violation reports – sensitive eg – payroll + EFT
73
7474 | P a g e Auditing Notes AUDI 101
(3) Sort the file : by location: add values and quantity fields to assist in planning
stockcount attendance
(4) Extract a list : items with negative quantity, or values, or unit costs : ( NB : - X -
=+)
(5) Extract a list : items quantity field is zero but date of last purchase is after the
date of last sale
(6) Extract a list : items where date of last sale is say > 9 mnths ago , but date of
last purchase is < 3 mnths ago : enquiry why ordereod? – is it because goods in
stock were damaged
(7) Extract a list : where date last order > 9 mnths , and date last purchase > 9
mnths : to assist in identifying non saleable stock –which should be written down.
(8) Extract a list : where date last sale or purchase after stock masterfile date :
weird
(9) Extract a list : random sample of items to be counted at stockcount
(10) Cast : value field for total value : to be compared to trial balance
(11) Compare : unit price EXCEEDS selling price
(12) Reperform : Qty X Value : see where clients file has a different answer
74
7575 | P a g e Auditing Notes AUDI 101
75
7676 | P a g e Auditing Notes AUDI 101
NB
(i) The code has 5 fundamental principles:
1. Integrity
2. Objectivity
3. Confidentiality
4. Professional behavior
5. Professional competence and due care
(ii) As per Conceptual framework approach-It then provides the approach they should adopt for
threats & safeguards.
(iii) Method:
1. Identify threats to their compliance with above
2. See where threat is insignificant
3. See where it is clearly not insignificant
FUNDAMENTAL PRINCIPLES
NB
4. INTEGRITY
a. Straightforward honest fair truthful in professional and business relationships
b. Should not tbe associated with info. they believe is false,misleading(omission or
inclusion) or recklessly provided.
5. OBJECTIVITY
a. Should not compromise their professional or business judgement because of
Bias,conflict of interest,or undue influence of others.
6. CONFIDENTIALITY
a. professional accountants should not
i. * disclose confidential information acquired as a result of a
professional or business
ii. relationship, without specific authority or unless there is a legal or
professional duty to do so.
iii. * use confidential information acquired as a result of professional and
business relationships
iv. to their own personal advantage or the advantage of third parties.
b. 4.2 professional accountants must maintain confidentiality in a social
environment and must be alert to the possibility of unintentially
disclosing confidential information to friends, long-term business
associates or a close family member (parent, child or sibling), or an
immediate family member (spouse or dependent).
c. 4.3 a professional accountant should attempt to ensure that staff under
his or her control and anyone from whom advice or assistance is
obtained in respect of an assignment, respect the duty of
confidentiality.
d. 4.4 if a relationship between a professional accountant, a client or
employer ends: the duty of confidentiality remains.
e. 4.5 disclosure of confidential information is permitted when
i. * disclosure is permitted by law and is authorised by the client or
emplcer in the case of a professional accountant in business)
ii. * disclosure is required by law e.g.
iii. • providing evidence in the course of legal proceedings
iv. • disclosing infringements of the law to the appropriate public
authority.
v. * there is a professional duty or right to disclose e.g.
when reporting on the quality review of a member body
76
7777 | P a g e Auditing Notes AUDI 101
vi. • in response to an enquiry or investigation by a member body or
regulatory body
vii.• to protect the professional interests of a professional accountant in
legal proceedings or
viii. • to comply with technical standards or ethics requirements
f. 4.6 In deciding whether to disclose confidential information a
professional accountant should
i. consider whether the interests of all parties could be unnecessarily or
unjustly harmed by the disclosures
ii. * whether all relevant information is known and substantiated
(disclosing unsubstantiated facts or incomplete information could be
unfairly damaging to other parties and is unprofessional)
iii. whether the method or type of communication is appropriate and
the recipient of the information is appropriate.
7. PROFESSIONAL BEHAVIOR
a. 5.1 This fundamental principle requires that professional accountants
comply with relevant laws and regulations
b. * avoid any action that may bring discredit to the profession (acts in a
way which negatively affects the good reputation of the profession)
c. * market and promote themselves in an honest and truthful manner
8. PROFESSIONAL COMPETENCE AND DUE CARE
professional accountants are required to
a. * maintain professional knowledge and skill at a level which ensures that
clients or employers
b. (in the case of professional accountants in business) receive competent
professional in service
c. * act diligently in accordance with applicable technical and professional
standards when
d. providing professional services.
e. 3.2 to maintain professional competence a professional accountant
must remain abreast of relevant technical, professional and business
developments.
f. 3.3 acting diligently (with due care) requires that the professional
accountant act carefully, thoroughly and in accordance with the
requirements of the assignment.
g. 3.4 a professional accountant must ensure that those working under his
or her authority in a professional capacity have appropriate training and
supervision.
FUNDAMENTAL PRINCIPLES
NB
9. INTEGRITY
a. Straightforward honest fair truthful relationships
b. be associated false,misleading(omission or inclusion) or recklessly info.
10.OBJECTIVITY
a. Compromise judgement - Bias,conflict of interest,or undue influence of others.
11.CONFIDENTIALITY
a. professional accountants should not
i. disclose - without specific authority or legal or professional duty
to do so.
ii. use - confidential information acquired as a result of professional
and business relationships
iii. to own/ third parties advantage.
77
7878 | P a g e Auditing Notes AUDI 101
b. confidentiality in a social environment /alert unintentially disclosing
confidential info. friends, long-term business associates / close family
member / immediate family member
c. staff = advisors +assistents. confidentiality
d. relatationship ends: the duty of confidentiality remains.
e. disclosure of confidential information is permitted when
i. permitted by law and is authorised by client or employer :
disclosure is in the case of a professional accountant in business.
ii. by law: disclosure is required by law
iii. providing evidence in the course of legal proceedings
iv. infringements of the law to the appropriate public
authority :. disclosing
v. professional duty or right :there is a professional duty or right to
disclose e.g. when reporting on the quality review of a member body
vi. investigation by a member body or regulatory: in response to
an enquiry or investigation by a member body or regulatory body
vii. to protect the professional interests of a professional
accountant in legal proceedings or
viii. to comply with technical standards or ethics requirements
f. In deciding whether to disclose confidential information: a
professional accountant should
i. unnecessarily or unjustly harmed :consider whether the interests
of all parties could be unnecessarily or unjustly harmed by the
disclosures
ii. substantiated: whether all relevant information is known and
substantiated (disclosing unsubstantiated facts or incomplete
information could be unfairly damaging to other parties and is
unprofessional)
iii. recipient+ method : whether the method or type of communication
is appropriate and the recipient of the information is appropriate.
12.PROFESSIONAL COMPETENCE AND DUE CARE
NB
THREATS
78
7979 | P a g e Auditing Notes AUDI 101
Now that the fundamental principles have been described, it is necessary to
consider the circumstances which can threaten compliance with the
fundamental principles. The code categorises them as follows:
1. SELF-INTEREST THREATS, which may occur as a result of the financial or
other interests of a professional accountant or of an immediate or close
family member, e.g. the professional accountant has shares in a company
which is about to become an audit client.
2. SELF-REVIEW THREATS, which may occur when previous work needs to
be re-evaluated by the professional accountant responsible for that work,
e.g. the professional accountant has written up the accounting records of a
client for which he or she has also been appointed to audit
3. ADVOCACY THREATS, which may occur when a professional accountant
promotes a position or opinion to the point that his or her subsequent
objectivity may be compromised, e.g. a professional accountant values a
client’s shares and then leads the negotiations on the sale of the client’s
company.
4. FAMILIARITY THREATS, which may occur when, because of a close
relationship, a professional accountant becomes too sympathetic to the
interests of others; e.g. the professional accountant fails to report a fraud
at a client because the perpetrator is a close friend.
5. INTIMIDATION THREATS, which may occur when a professional
accountant may be deterred from acting objectively by actual or perceived
threats, , e.g. a professional accountant in business fails to report a fraud
perpetrated by his section head because he fears he himself will be
dismissed by the section head.
NOT ALL THREATS NEATLY FALL INTO THE ABOVE CATEGORIES!
THIS DOES NOT MEAN THEY ARE NOT THREATS, AND MUST STILL
BE ADDRESSED.
SAFEGUARDS
NB
SAFEGUARDS
Unless the threat is clearly insignificant, the professional accountant is obliged to
apply safeguards which will eliminate or reduce the threat to an acceptable level.
1 How does the professional accountant decide whether a threat is clearly
insignificant? There is no magic formula or “hard and fast” rule. The decision
1. professional judgement will be a matter of professional judgement
2. public interest :must take into account the public interest — if the public
interst is threatened , it is most likely to be significant.
3. reasonable and informed third party :should be one which a
reasonable and informed third party having knowledge of all relevant
information would make.
2. Safeguards fall into two categories
2.1 profession,legislation or regulation safeguards created by the
profession,legislation or regulation eg:the Companies Act which presents a
professional auditor in public practice from being a director in his/her audit
cient
2.2 work environment :safeguards in the work environment : eg a company
has sound procedures to protect an employee (a professional accountant in
business) from intimidatory threatsfrom the employees manager
79
8080 | P a g e Auditing Notes AUDI 101
3. If no suitable safeguard can be put in place, the prof.accountant will be
obliged to withdraw from the business relationship.-employee or assurance
engagement.
80
8181 | P a g e Auditing Notes AUDI 101
81
8282 | P a g e Auditing Notes AUDI 101
5) Section 250 Marketing professional services 2/16
6) Section 260 Gifts and hospitality 2/16
RESPONSIBILITY May accept clearly insignificant gifts: as judged by a 3rd party, bt not large
gifts
i) THREATS : intimidation(disclosure) and familiarity
ii) SAFEGUARDS : quality ethics committee: approval ; notice to employees &
clients of policy of not accept gifts.
iii)
7) Section 270 Custody of client assets 2/17
a) RESPONSIBILITY: must: ensure: separately identifiable,not from illegal sources,not
used for purposes other than intended.
b) THREATS integrity,professional behavior, objectivity. (accused of misuse, money
laundering,integrity)
c) SAFEGUARDS: separate bank accounts,purposes it may be use for in
writing,records of anything earned/done with it etc+record available always for
inspection,FICA compliant bank acc.etc
8) Section 280 Objectivity — all services 2/17
9) Section 290 Independence - assurance engagements 2/17
a) : INDEPENDENCE HAS 3 PARTS TO IT
i) Of mind : influences not affect objectivity , independence , professional skepticism eg own
shares in company etc
ii) In appearance: as per a 3rd parties opinion
iii) State of mind & in appearance : eg: even if you can get by the 1st one , both must be true
– so if a 3rd party would say not look like it , then it is not , even if you made a plan
somehow.
10) See detailed index on the following page
11) DEFINITIONS:
a) Financial interest:
i) An interest in an equity or other security,debenture, loan, other debt instrument of an
entity,including rights and obligations to aquire such an interest
b) Direct financisl interest:
i) A fin intyerst owned directly by or under contrilled of an individual or entiyy
ii) Fin interst beneficially owned through an investment vehicle (eg yunit trust fund,trust,
estate etc) which is controlled by the individual or entity.
c) Indirect financial interest:
i) Fin interst beneficially owned through a collective investment vehicle (eg unit trust
fund,mutual fund) over which entity/person has no control
ii) Immediate family: spouse or dependant
iii) Close family : parent, child or sibling who is not an immediate family member
iv) Listed entity :company whose shares or DEBT is listed on a recognized stock exchange. Eg
JSE.
v) Network firm : part of the company eg subsidiary : ie under 1-common control, 2-common
ownership 3-common management: as per a 3rd parties judgement.
d)
PART C - PROFESSIONAL ACCOUNTANTS IN BUSINESS
12) Section 300 Introduction 2/36
13) SECTION 310 POTENTIAL CONFLICTS 2/36
a) RESPONSIBILITY: COMPLIANCE WITH FUNDAMENTAL principles threatened by conflict withj
interests of company
b) THREATS: intimidation or all other principles
i) Laws: don’t pay PAYE.
ii) Professional standards : awarding tenders because intimidation by GM
iii) Unethical/ or illegal earnings strategies- eg illegal products
iv) Lie/intentionally mislead (incl. remain silent) 1-auditors eg fictitious sales2- regulators eg
customs
v) Issue or be otherwise associated with a financial or non financial report that materially
misrepresents the facts : eg for good ratios
c) SAFEGUARDS: 1-access to those charged with corporate governanceeg audit
committee/independent director 2-SAICA etc .advice 3-formal dispute resolution process in
the company
14)
15) Section 320 Preparation and reporting of information 2/37
16) Section 330 Acting with sufficient expertise 2/37
82
8383 | P a g e Auditing Notes AUDI 101
17) Section 340 Financial interests 2/38
18) Section 350 Inducements 2/38
19) 2/1
PART D - PROFESSIONAL ACCOUNTANTS IN SOUTH AFRICA
20) Section 400 Joint and vicarious liability 2/39
21) Section 410 Tax practice 2/40
22) Section 420 Insolvency practice 2/41
23) Section 430 Discrimination 2/42
24) Section 440 Cross border activities 2/42
25) Section 450 Publicity, advertising and solicitation 2/43
26) Section 460 Responsibilities to colleagues 2/44
27) Section 470 Recruiting 2/44
28) Section 480 Signing of reports or certificates 2/45
29) Section 490 Stationery and letterheads 2/45
30) Section 495 Inclusion of the name of a professional accountant in public practice in a
31) document issued by a client 2/45
32) THE CODE OF PROFESSIONAL CONDUCT (IRBA) 2/46
33) THE DISCIPLINARY RULES (IRBA) 2/47
34) DETAILED INDEX FOR SECTION 290 - INDEPENDENCE
35) Introduction 2/17
36) Structure 2/18
37) Definitions/Terminology 2/18
38) The conceptual approach applied to independence 2/19
39) Illustrative examples 2/20
40) I. Financial interests in an assurance client 2/21
41) 2 Financial interests in financial statement audit clients 2/22
42) 3. Financial interests in non-financial statement audit assurance clients 2/23
43) 4. Loans and guarantees 2/23
44) 5. Close business relationships with assurance clients 2/24
45) 6. Family and personal relationships 2/24
46) 7. Employment with assurance clients 2/25
47) 8. Recent service with an assurance client 2/26
48) 9. Serving as an officer or a director on the Board of an assurance client 2/27
49) 10. Long association of senior personnel with assurance clients 2/27
50) 11. Financial statement audit clients that are listed entities 2/28
51) 12. Provision of non-assurance services to assurance clients 2/28
52) 13. Preparing accounting records and financial statements for an assurance client 2/29
53) 14. Valuation services 2/30
54) 15. Provision of taxation services to a financial statement audit client 2/30
55) 16. Provision of internal audit services to a financial statement audit client 2/30
56) 17. Provision of Information Technology services to a financial statement audit client 2/31
57) 18. Temporary staff assignments to financial statement audit clients 2/31
58) 19. Provision of litigation support services to a financial statement audit client 2/32
59) 20. Provision of legal services to a financial statement audit client 2/32
60) 21. Recruiting senior management on behalf of an assurance client 2/33
61) 22. Corporate finance and similar activities 2/33
62) 23. Fees and pricing 2/34
63) 24. Gifts and hospitality 2/35
64) 25. Actual or threatened litigation between the firm and an assurance client 2/35
COMPANIES ACT:
May not be auditor:
1) Director.officer,employee of company
2) Director.officer,employee of company or of any company offering secretarial work to the
company.
3) Partner, employee,employer of any director of the company
4) Person or partner or employee of regular bookkeeper/sectetearial work of company.
5) At any time in fin year was a director or officer of company.
a) Unless : if hav=bitually a bookkeeper/decretary:
83
8484 | P a g e Auditing Notes AUDI 101
i) Private company
ii) Shareholders agree writing
iii) In audutiors report
iv) No shares owned by public company
v) Auditor registered IRBA
1) Rotation of auditors: 5 yrs , or if >2 yrs, then stop , then must wait further 2 years.
2) Removal of auditors:auditor appointed casually or by directors or first appointment – can
be removed on 28 days notice ,before AGM umless he suspects any reportable
irregularities.,
a) BUT auditor normally appointed may not be removed exept at AGM by ¾ majority of those
present
3) Right of access by auditor: at all times & may require explanations as he /she thinks
necessary of directors& officers.BUT: audiror of Holding company ONLY has access to old
Financial Stat. of subsidiary , not books /records books and records or premises of
company : because he is not the auditor.But he may require explanations + REQUEST
INFORMATION from the directors of the subsidiary company as he deems necessary.
4) General Meetings of company for Auditors: auditor has right of access to ;
i) Attend all such meetings
ii) Receive all notices regarding such meetings
iii) Be heard at such meetings on any business of the meeting which CONCERNS HIM AS
AUDITOR.
5) Auditors duties: report on all such matters said by act or any other acts.
a) Examine afs and gafs to be laid before AGM
b) Ensure proper acc. Records and returns received from branches not visited.
c) Minute books and attendance registers of meetings kept as requires by act
d) Register of directors interests in contracts have been kept.and entries agree with minutes
of meetings.
e) Existence of securities
f) All info + explanations auditor deems necessary.
g) AFS in accordance acc. Records& returns
h) Gafs comply with act
i) Tests to Gafs &Afs fairly present
j) Directors report – conflict fair presentation / distort meaning of fin stats
k) Not carrying on business+ no intention= report to registrar
l) Comply any other duty imposed by act on him
m)Comply auditing profession act
6)
CC Act
1) Founding statement: basic document bring cc into being = memorandum of
company but simpler
i) Name
ii) principle business
iii) postal + physical address
iv) full name + ID of each member
v) % of each members interest
vi) Contribution
vii) Accounting officers name& address
viii) Fin year end date.
2) Disposal deceased members interest:
a) Executor to heir if he qualifies(not mad)+ other members consent
84
8585 | P a g e Auditing Notes AUDI 101
b) If no consent in 28 days : he may sell it to
i) Corporation(cc)
ii) Any other remaining member
iii) Any other person who qualifies both ways as above.( if members disapprove then may
purchase themselves)
3) Cession of membership by order of court: on application to
a) Incapable of performi9ng role eg unsound mind
b) Guilty of conduct prejudicial : eg reckless/negligence
c) Impractical to other members: eg such member never present
d) Other circumstances render just & equitable to cease to be eg acts in own interests
detriment cc.
All For ‘not pull their weight’ , and also court decides on payment+ method of purchase.
85
8686 | P a g e Auditing Notes AUDI 101
INTRODUCTION:
1) In large companies access to computer resources must be controlled:
a) For 1-tapping the Telephone line
b) 2-points of access plugs
c) Maintaining the
i) 1-integrity and
ii) 2- security of data actually transmitted
2) Auditor is not a expert BUT must call on experts if need be! For technical stuff.
TRENDS IN IT
1. Move from mainframes to personal computers-move to end user computing-processing power
+storage-division of duties&data integrity and confidentialtity under threat if correct controls not put in
place (due to everybody has access now,not just 1 central mainframe)
a. Auditor benefits – uses laptop computers
2. Client-server architecture : simplest is a LAN, applications+databases scattered throughout
organization,same implications for auditor as in introduction above.
3. Open sytems: many applications all use same standards, so communicate/exchange data easy.eg
word+wordplus+others. Has implications for auditor.
4. Image processing: scan backups for audit trails
5. CD,USB,DVD : opportunity&threat= + easy to store stuff for auditor.& stealing info
6. Smartcards: contains microprocessor, not magnetic stripe.= better controls-(storage+processing)
7. Communications technology: EFT,EDI,wireless etc.
8. Web enabled: access application via the internet.
NETWORKS
1) Why we have them: Comes from people wanting to share printers,so to buy less printers, now expanded to
any resource incl. processors/database etc etc.
DEFINITIONS:
1) LAN: local area network : is a Data Communications System, links independent resources, normally by cable,in
a small geographical area/building.For 1-share resources+ 2-communicating.
2) WAN: wide area network : same as LAN, exept :
a) Wider geographical area – Eg: to Branches/trading partners(use EDI)/service providers(banks).
b) Extra resources eg: routers,gateways,bridges.
c) Additional considerations: - see cost/security/access control to use either
i) Use leased line OR
ii) Switched line OR
iii) Lines in analogue(needs modems to convert to computer digital) or digital(uses diginet connections).
3) VAN: value added networks: Business entities which provide a message transmission service: they connect you
to 3rd parties/ or trading partners for a fee so you don’t have to buy expensive equipment.
4) VPN: virtual private network: uses encryption to provide a secure ‘tunnel’ using the internet to connect
companies to remote offices/users.Cheaper than leased/owned lines.
5) Internetworks: signify linking of LANS,WANS, to many other LANS,WANS, also to mainframes,PCs etc. Risks
remain same.
6) Server : Powerful microcomputer which controls the usage and makes available to the network : a particular
resource eg; printer/ files/e-mail etc. and makes it available.
7) Distributed Processing: where 1-processing + 2-storage is distributed amoungst a number of different
computers and processors and could take place on various remote sites, not just on 1 easily controlled site.1-
Security of link + 2-Access control is very important.
86
8787 | P a g e Auditing Notes AUDI 101
a) each new user in a system increases chance of data being /invalid. And integrity of programs or
data.Distributed processing+networking increases problem. Via laptop in socket or bona fide pc. in socket.
b) ACCESS CONTROLLS used :NB…………(note- majority of fraud is from internal statisticly)….
i) Sound General Controls: eg: control environment,policies& guidelines, trustworthy personnel,
ii) +Physical Access controls: eg payroll clerk locks office when out, plus strong office security.
iii) +Logical Access Control: : at 1-system+2-application level by.
(1) Identification of users+
(2) Authentication of 1Users + 2Computer Resources
(3) Authorisation : define level of access granted to 1user or 2computer.
(4) Encryption
(5) Logging
2) Security and accuracy/completeness of the data in the communication channels:
a) Long lines in network gives lots of place for hackers to get access.
b) CONTROLLS used :NB
i) Physical & Logical access controls to Telephone Lines.
ii) “Call Back” facility : Once connected , then the bank cuts connection and redials users stored number-
so hackers will be left out.
iii) Lockout after 3 unsuccessful login attempts
iv) Use Industry standards – to ensure network is developed in right way.
v) Use Sophistcated User Authentication techniques designed for network/distributed processing
environment.
vi) Encryption methods: eg public key or private key.
vii) Network monitoring devices : cuts off vulnerable devices/logs anauthorised access.
viii) Firewalls: to secure a protected environment.
c) ACCURACY & COMPLETENESS of DATA. NB
i) Communication Protocols: international standard developed to facilitate communication
ii) Auditor is less concerned with this and more with VAC of input/processing and output.
DATABASES
DEFINITIONS
1) DATABASE : pool of interrelated data stored/structured/managed in such a way that:
a) Duplication is minimized
b) Contains all: information needed for use by sharing in common programs&users
c) Quickly accessable : by all authorized users
d) Simultaneous : accessability by many users with the same view in spite of updates which are in progress.
e) Provides sharing : by many users eg Microsoft SQL
87
8888 | P a g e Auditing Notes AUDI 101
e) Segregation of duties of : 1-design 2-implement 3-operate 4-use database for integrity+VAC of DB.eg
programmers do not update data on database. Assess by 1-inspect organisational charts 2- observation &
enquiry
88
8989 | P a g e Auditing Notes AUDI 101
EFT : ELECTRONIC FUNDS TRANSFER
3) 2 Important points to remember with EFT:
a) It is Transfer of CASH : in a flash – so bad controls =gone.
b) 1 function in a CYCLE: eg wage cycle – all controls contribute to VAC of payment.
4) Whatever the system : EFT payments should be in 4 steps:(eg for a wage payment system)
a) MASTERFILE AMENDMENTS:
i) Any amendments to it must be VAC – V=not ficticious employee A=no errors on account details of
employee C-…..
b) PREPARE THE EFT PAYMENT ( before the payment):
i) Payments to be made must be VAC :
(1) V= fin.Accountant must authorize it –AFTER CHECK supporting DOCS etc.
(2) A=fin.Acc should TEST COMPUTATIONS on payroll before authorizing.
(3) C=fin Acc. Should CONFIRM NO. OF TRANSFERS = No. of employees.
(4) NOTE: just examples- the full range of controls to be effected befor payment is in the ‘Cycle’
chapters.
c) EFFECT THE PAYMENT: following controls to be effected:
i) NO. OF PC’S FROM WHICH TRANSFER can be effected to be restricted.(try 1 only?)
ii) 2 PASSWORDS FROM 2 DIFFERENT senior personnel required to effect a transfer.
iii) Bank to identify terminal PC first eg: ‘CALL BACK’
iv) Auto ACCOUNT LOCKOUT AFTER 3 unsuccessful attempts.
v) LOGS + FOLLOW UPS of security violations
vi) Full range of PASSWORD+IDENTIFICATION controls.
vii) LEAST PRIVILEGE principle. Eg: wage clerks cannot do internet transfers.
viii) ONLY POSSIBLE TRANSFER FROM MAIN TO CLEARING (1 for wages, 1 for purchases etc) accounts at
same bank- from MAIN never /not to any other accounts at all exept ‘clearing’ one.(even up to point that
- main account is NOT internet enabled – only debit orders allowed here and then also only to clearing
accounts-or similar -or you must go into bank itself etc etc .)
ix) All payments eg: wages to be made ONLY FROM “CLEARING” acc.
x) TRANSFERS LIMITED EG: ONLY ON 23RD allowed to clearing account, or only Fridays for Wages etc.
xi) BANK ACKNOWLEDGE+RETRANSMIT info (eg to fin.acc + also another accountant/manager etc) for final
confirmation before transfer to employees bank account.
xii) ENCRYPTION.
d) AFTER THE PAYMENT: Controls to ensure that transfers actually made WERE VAC.
i) System MUST supply an AUDIT TRAIL of all EFT’s made to date.(Hardcopy or Onscreen)
ii) Audit TRAIL TO BE REVIEWED BY SENIOR personnel and tied back to “client held” documentation.
iii) BANK RECON by NON-EFT function person.
THE INTERNET
1) Started as ARPANEt- many LANS,WANS etc.
2) Virus,confidentiality,corruption of data+PROGRAMS,
3) Certain protocols for different types of service, some are more safe than others.Different services are:
a) WWW : uses http/ https (secure) ,hypertext transfer protocol. to market products/sell 24/7 /source of
info./download products=music/articles etc.
b) E-Mail : uses smtp=simple mail transfer protocol
c) File Transfer : uses FTP/ SFTP ,file transfer protocol.
d) Remote terminal access+command execution: as if you were on that terminal.
89
9090 | P a g e Auditing Notes AUDI 101
address/lenghth/content of e-mails. 3-virus scan all incoming 4-encrypt 5-
control delivery to specific PC’s.
3 Non -Payment Before dispatch : verify customer strong possibility will pay.-ID+auth. BY:
1-get ID no/credit card no. and give customer a log in password. 2-challenge-
response question(security question)3-e-mail address to alert customer of
transactions on his account or verify and foil fraud use of anothers e-mail. 4-
restrict payment to credit card only(supposedly bank has his details etc-but
seems a bit dof ) 5-For credit sales all normal creditworthiness controls must be
done+ ID&auth.
4 Info could be Adequate input& reasonableness checks eg:
missing=cannot fill order- 1-well designed web pages with spaces for all info. +EASY TO FOLLOW.
unhappy customer 2-minimum input eg click description of product- NOT type it in! brings up item
no. etc.
3-program check eg alphanumeric/mandatory fields etc.
5 Unauthorized disclosure of Use transport layer security techniques.eg
customer info. or data 1SSL etc.
integrity loss on 2- info is re-sent to customer to confirm it after input(confirmation page)
transmission 3-logs checked to see if all transmissions sent were received.
6 Customers chased by 1-Verify company using Thawte/Verisign/
suspicion of malicious 2-display privacy policy
code/or non-legitimacy of 3-secure web applications by specialists: ID+auth. ,input validation,
business. reasonableness check
7 Lack of availability of 1-inhouse specialists –user friendly,up to date,attractive.
24/7/365 Lost /unhappy 2-Redundancy&disaster recovery
customers prevented by
reputable service provider
8 Incorrect Pricing Reputable staff + info. systems who can :
1-Must calculate all costs of webstore carefully, also not compete with own retail
stores.
2-Set prices correctly
9 Risks of international Reputable staff to ensure: 1-reliable delivery 2-policies +procedures to avoid
trade, unless country contravening customs/financial export/etc
blocked to SA only:
10 Inadequate Audit Trail 1-digital signatures
prevents adequate 2-time stamping
defense against claims 3-software which logs all transactions.
COMPUTER BUREAUX
1) Is a business which processes other entities data for a fee.Provides hardware,software,skills. You don’t have to
pay for staff& equipment.
2) Options:
a) Facilities Mngmnt : -your equip., they look after it at their premises.
b) ASP: application service providers- entire service for an application is provided by them
c) Full Outsourcing: All IT services are provided by the bureau.
3) Used by some to enhance confidentiality eg: salaries processed offsite.
AUDIT IMPLICATIONS:
1) Adds another dimension to accounting system to be controlled.
2) Auditor must evaluate bureau
3) Data must still be INPUT ,PROCESSED ,OUTPUT – with all same controls by client or bureau- one of the two!
4) Auditor MUST do the following:
a) Assess bureauxs suitability.-
i) it is relying on an expert, so their 1-competence 2-independence 3-stability 4-range of services 5-
reputation for confidentiality 6-security arrangements of bureau 7-deadlines efficiency&responsibility 8-
up to date and reliability+check any independent evaluations done on them,read correspondence emails
with them,professional bodies etc.
b) Evaluate bureauxs agreement/contract.(learn-very large thing in book-could ask just this)
90
9191 | P a g e Auditing Notes AUDI 101
i) Reference in dispute: must cover: 1-liason2- describe input/process/output 3-deadlines&consequences
4-clients + also 5 bureaus responsibilities 6 back-up processing arrangements. 7-auditors access to 8-
training 9-fidelity&10 other insurance 11-basis of fee etc
c) Evaluate controls of client over functions which are the clients responsibility.
i) IE: by observation,enquiry,inspection,reperformance.
VIRUS
1) DEFINITION: it is a program SPREADS from 1 computer to another, EVENTUALLY performing the ILLICIT
function for which it was intended. Each virus works INDEPENDENT of original. Common to SPREAD BY e-mails.
2) Viruses extra likely in high network environment eg internet.
CATEGORIES OF VIRUS:
a) DESTRUCTIVE:
i) Massive destr. : unrecoverable data damage
ii) Partial destr: erase portions of storage
iii) Selective destr: erase specific files
iv) Random havoc: change random data/keystrokes/input or output data.
v) Network Saturation: overload crash
b) NON-DESTRUCTIVE:
i) Annoyance : display messages/change screen colour/change keystrokes(eg ALT/SHIFT
combination)/delete chars. etc.
KINDS OF
a) Trapdoor = code causes extra illicit password/entry door
b) Worm = code spread through a network
c) Trojan Horse = code copies eg passwords as typed in
d) Logic/Time bomb – sets off at date/event does some illicit thing
91
9292 | P a g e Auditing Notes AUDI 101
93
9494 | P a g e Auditing Notes AUDI 101
3-customers deny (c)keep 2 copies of delivery note,return
receiving picking slip to warehouse
4-released from 2-double check against picking slip when
warehouse but packing,also check address
never despatched. 3-clerk prepare 2 part delivery list, match
goods+Delivery Note eg: Delivery Note a447…
5 boxes.
4-delivery staff sign delivery list show receipt
(after check) of goods+delivery notes, give to
dispatch clerk,+keep 1 copy
5-gate control dtae stamp both copies of
delivery note after check goods vs 1delivery
notes+2delivery list(no gate control then
dispatch controls must be very tight)
6-customer sign both copies of delivery note,
keep 1 ,1back
5- Return of 1-Sales invoice 1-Goods not 1-copy of ISO temporary in numerical order in
invoicing delivery note 2-Price lists invoiced invoicing dept.
Invoicing match to ISO 2-Inaccurate invoice 2-as signed delivery notes received filed
and produce sequentially & match to ISO(is it then removed
invoice. to where from file)
3-ISO’s remaining in temporary file
investigate frequently.
4- matched delivery notes file sequence tested,
gaps check
5-invoice clerk:
i) check details ISO vs INVOICE
ii) check prices vs price&discount
lists
iii) make sequenced invoice cross-
reference to ISO & Delivery note.
6-second employee(supervisor) check & sign
invoice: discount,vat,prices,customer
details,extentions,casts.
6- 1-Invoice 1-invoices are 1-invoices entered in sales journal in numerical
Recording 2-Sales journal omitted from sales sequence only
3-Debtors Ledger journal a)sequence continued from period to
of Sales 4-General Ledger 2-inv. Duplicated in period
Record Sales
and Raise sales journal b)cancelled invoices to be recorded in SJ -as
Debtors. 3-inv.inaccurately “cancelled”-no missing a number
entered in eg 45 as 2-batch control sys- total “invoices” before
450 entry/ then after entry total the “sales journal”
4-inv.entered to check entries.
against incorrect 3-independant employee to: recon1
debtor a)sequence check SJ entries+follow up
missing
b)compare SJ customer name+amount to
invoice
c)check SJ to “GL & DL”
4-other independent employee recon 2 DL to
GL regular
7- 1-Remitance 1-payments 1-Post opened by 2 people
Receipts register received not banked 2-Post payments into remittance register by
2-Customer due – “openers”
Mail remittance advice (a)carelessness or 3-Prenumbered receipts for all pay
room/ 3-Receipts (b)theft received(or at least for cash)
Cashier 4-Bank deposit 4-bank receipts daily
Receiving and slip 5-Bank deposit slip by CASHIER- NOT
Recording
employees opening post.
Payment from
debtors. 6-cashier recon 1 remit.register vs
cash&cheques & sign it.
7-independent employee remittance register&
receipts issued recon 2 to bank deposits.
94
9595 | P a g e Auditing Notes AUDI 101
8- Record debtors1-bank deposit 1-deposits not 1-CRJ daily by date & number from receipts (if
Recording in CRJ & credit slip recorded/or rec. issued)
debtors 2-CRJ timeously 2-Queries from debtors : by person independent
of accounts 3-DL 2-recorded deposits of 1’debtors’ & 2’banking&recording of cash
Receipts promptly 4-GL may functions.’
Receiving and
Total received (?remittance (a)inaccurate 3-recon1 bank statement TO cash book mnthly
Recording
Payment from for period then list/receipts (b)overstated(fictit + independentof banking&recording employee
debtors. posted to GL issued/customer ious) + reviewed by senior official.
control acc. remittance (c)cr to wrong 4-recon2 CRJ supervisor (a)CRJ vs gaps 1dates
advice)? debtor 2sequential
(b) test CRJ to DL
5-recon3 DL to GL control acc. Independent
employee regular
9-Goods 1-Goods returned 1-desc. & qty of the 1-all ONLY received by “Goods receiving Dept.”
Returned voucher actual goods 2-goods receiving clerk must:
2-credit note returned incorrect- (a)check qty+descr. +damage
by 3- causes an incorrect (b)make goods retuned voucher+ cross
Customer Returns&allowanc credit note be reference it to customer documentation
see 4 minor e journal passed (c)sign customer docs. +keep copy+attach to
activities in 4-debtors ledger 2-credit note passed GRVoucher
the cycle 5-general ledger for goods not 3-transfer receiving TO warehouse: clerk
for this one returned (a)check qty+desc to GRVoucher
3-credit note (b)sign
recorded 4-Credit notes to be:
inaccurately/or to (a)ONLY made by Accounting dept
wrong debtor (b)cross-reference to original invoice
(c)supervisor check GRV+credit note+signed
customer docs –check policies(eg: in 30 days
only) +valid
(d)5-sequential in Returns&Allowances
Journal and normal control procedures over
recording put in placeeg check gap
6-senior fin. Manager regular check Journal
+follow up suspicious(eg large amounts, regular
same customer, etc)
7-Not to mix up damaged with other stock
10-Credit All record in cycle 1-debtors do not 1-credit application controls same as in ‘sales
Managem are relevant pay/pay late authorisation’
+monthly 2-debtors 2-monthly statements to be sent promptly to all
ent statements prematurely or debtors
see 4 minor +age analysis inappropriately 3-monthly age analysis+ follow up by
activities in +credit bureau written off phone/letter if exceed
the cycle information 3-debtors written off 4-if not successful- credit manager contact to
for this one without authority. re-negotiate terms or threaten hand over
debtor.
5-hand over before too long period
elapsed(prescription..)
6-write off recommend credit manager ,
authorize independent senior financial
employee.
7-recon 1 : credit manager recons write offs TO
supporting docs, after entered in journal.
8-REPORT: senior fin manager: regular: age
analysis,write offs,how overdue’s are being
handled,bank,debtors balance,list of debtors.
95
9696 | P a g e Auditing Notes AUDI 101
a) Debtors Amount: this cycle produced what is frequently a very significant figure on the balance sheet.
(fraud/errors etc)
b) Sales: it produces the figure from which Profits & Losses originate.
c) The Overall Risk in this cycle can be looked at in 2 ways:
i) Understate SALES: mngmnt tempted to understate for
(1) TAX & REDUCED PROFITS particularly with large cash sales.
(2) ‘hold back’ by moving to next year , to get off to a good start for next year ( if large slaes this year)
ii) Overstate SALES: mngmnt overstate to : by ficticious paper sales OR pre-invoicing (year-end more)
(1) Meet sales targets
(2) ‘Ratios’ by manipulate ‘debtors’
2) RECEIPTS: (transactions)
a) Completeless
b) Occourance
c) Accuracy
d) Cut-Off
e) Classification (proper accounts)
96
9797 | P a g e Auditing Notes AUDI 101
a) Fictitious/Overstating Sales(occourance) & fictitious /Overstating Debtors(existence) : incr. profits &
current assets –so ratios.
b) Understating Sales & same Debtor : tax or ‘cheap mngmnt buyout’
c) Understating Bad Debt Allowance(valuation) : normally part of trend to manipulate allowances/provisions
, improve assets/profits/ratios
d) Recognition of revenue from sales(occourance): eg pre-invoicing OR recording appro. / lay-by OR
understating
2) MISAPPROPRIATION OF ASSETS.
a) Stealing cash sales(Completeness sales+bank)
b) Stealing debtors payments(Completeness debtors+bank)
c) Unauthorised reduced sales charge -bribe/friend(Completeness debtors+bank & Accuracy sales)
d) Debtors accounts (Completeness debtors ) bribe/friend –not accurate but completeness.
e) Picking/dispatch theft (Existence stock) – 15 instead of 10 collusion ouside)
f) VAT not pay (Completeness liabilities) – recorded OR unrecorded sales.
3) LAPPING/ ROLLING
a) Stealing cash from : Cash sales or Debtors payments by:
i) Hide by manipulate posting from debtors to debtors ledger
ii) Hide by substitute cash stolen with debtors cheque payments-take cash put debtors cheque payment as
a cash sale-then post another debtors payment at mnth end as 1st one taken/or multiple.(Becomes very
complex Web)You can say 2nd was too close to mnth end thus not reflecting yet. (reconcile physical
cash with cash receipts)
b) He needs: NOT use bank deposit slips as source docs for cash book(bank teller compares cheque name to
deposit slip),he handles all queries from debtors, or he write up source doc receipt Or cash book.
c) Fix by:
i) Feed back
ii) Credit notes
iii) Bad debts
iv) Destroy records
d) Risk in:
i) Poor control environment
ii) Poor segregation duties pay write receipts / debtors queries/ recording
iii) Cash&credit sales
iv) Small/medium size business
TESTS OF CONTROLS
1) You identify each control, then perform 1 of the above 4 procedures on it to test if it works .
2) Each is Limited in value: ‘inspect’ signature only says it was signed, not actually checked, ‘observe’ only says
control worked While you watched, not always.
3) Note: tests must also be done on NON-SPECIFIC (GENERAL) CONTROLS: eg ‘custody’ of blank delivery
notes,invoices.
4) Eg:
a) Enquire:
i) of order clerk if 1- ALL orders go to him,
ii) 2- if he makes out an ISO for all orders, not only phone orders.
b) Inspect :
i) 1-filed copies of ISO for ‘evidence’ credit approval was obtained.
ii) 2- correspondence from ‘credit bureau’ to confirm approval was actually obtained.
c) Observe:
97
9898 | P a g e Auditing Notes AUDI 101
i) opening of mail & writing of receipts
ii) despatch clerk counting and checking goods on transfer from warehouse to dispatch.
d) Reperform
i) A bank recon
SUBSTANTIVE PROCEDURES
1) In some other textbook says it is divided in 3 Types: 1- Transactions 2-Balances 3-Analytical Procedures.(we say
+ Presentat.and Disclos.)
2) MAIN focus for this cycle: BANK/CASH + DEBTORS balances, which also gives evidence for sales.
3) MOST IMPORTANT part : non-cash transactions which reductions debtor balances : do tests as in ‘eg’ no 4
below , PARTICLARLY AUTHORITY given for each to be done.
a) Credit notes
b) Bad debts write off
c) Special discounts
4) Eg: auditor just selects a sample of Sales Invoices and Does DUAL PURPOSE TESTs on them :”VOUCHING OF
TRANSACTIONS ‘ ARE referred to as ‘dual purpose’ tests: because…..
a) DUAL PURPOSE TESTS:
i) Inspect: Match to details on supporting docs –sales order,delivery note
ii) Inspect: trace to entry in sales journal
iii) Inspect : docs for signatures showing control procedures have been carried out.
iv) Reperform :pricing from price list and Enquiry&Confirmation :validity of discounts.
v) Reperform/recalculate: casts, extensions,discounts, vat.
vi) Reperform: posting to debtors ledger.
5) CATEGORIES OF ASSERTIONS: ISA 500R Categorises the Assertions as follows.:
a) Classes of Transactions and Events (for period) eg:sales, purchases,
interest received
b) Account Balances carried forward to next year(at year end) eg:property plant
&equipment ,accounts receivable.
c) Presentations and Disclosure : eg:notes to
bal.sheet , contingent liabilities
98
9999 | P a g e Auditing Notes AUDI 101
6.3. CLASSIFICATION AND UNDERSTANDABILITY. :financial info./disclosures are
appropriately/ properly PRESENTED and DESCRIBED, and EXPRESED CLEARLY.
6.4. ACCURACY AND VALUATION. : 1-FINANCIAL and 2-OTHER INFORMATION( eg notes on
union problems) are disclosed FAIRLY and at APPROPRIATE AMOUNTS. (at correct
valuation amounts and in a correct and proper – 'FAIRLY presented' - manner.)
DIAGRAM OF ASSERTIONS:
99
100100 | P a g e Auditing Notes AUDI 101
c) How to ‘subsequent receipts testing’:
i) Select sample
ii) Check CRJ to identify receipts, 1-trace to customers remittance to see for which invoice it was, 2-trace
to date, 3-trace to invoice & delivery note& 4-trace if recorded at year end in sales journal & debtors
ledger.
iii) Make sure a cut-off test is performed where last 20 invoices+delivery notes customer signed inspected
to make sure they are from year end /OR : at year end(auditor marks the last invoice/del. Note number
as ‘end of year’ & note number)
3) ASSERTION : VALUATION (& ALLOCATION): for debtors consists of 2 parts , gross amount and bad debts
i) Gross Amounts: & follow up
(1) Unusual entries: eg year end dr’s
(2) List of debtors : trace to general ledger debtors control account&trial balance, and debtors ledger
individual accounts.
(3) Reconciling items from ii) must be
(a) Casts
(b) Reconciliation logic
(c) Follow up reconciliation items.
(4) re-CAST : Debtors list & control account re-CAST.
(5) Find CR balances in debtors ledger+reverse if needed
(6) Circularization : Refer to circularization & follow up
(7) Foreign currency :
(a) Rates Bank
(b) Old transaction rates calc vs end year rates
(c) Must be at end of year rate in books, or it is wrong!
b) Bad Debts:
(1) Method &procedures enquire (eg if to students hostel room no. then provision must be more)
(2) Authorization procedure :(better if more independent of ‘credit control/er’ itself)
(3) Change in circumstances : have they change so prior year’s method is wrong eg new credit policy.
(4) ENQUIRE MNGMNT: change in circumstances : eg new credit policy/ changed trading conditions
major customer.
(5) Reperform ALL calc’s.
(6) Reperform Ageing : on small sample, to check if correct periods, refer to invoice/delivery note.
(7) Long outstanding & material outstanding :discuss ALL with credit controller
(8) Legal &debtors correspondence : check to identify debtors handed over and those with disputes.
(9) Prior year vs Actual : compare to check the companies ability to estimate correctly.
(10) MONTHLY REPRTS TO MNGMNT: should be reviewed eg: write offs & debtor liquidity
problems.
(11) Analytical Review:
(a) % to prior year
(b) write-offs to prior year.
(c) Age analysis to prior year : is debt getting older?
(d) Ratios year on year : eg Days Outstanding Debtors.
(12) Potentially Uncollectable : debtors should be considered on a 1 by 1 basis, not as a
%.Consider all aspects eg large chain store will pay, but just overdue.
4) ASSERTION : COMPLETENESS : do following to make sure of this
a) Cut-Off Testing:
i) AFTER: first 20 (material) after year end cut off number –trace correct to delivery notes/records
ii) BEFORE: 10 before check as above.
b) Credit Sales: to see whats NOT been recorded is more difficult to check/trace than what has been
recorded.
i) Missing dispatch notes (not in debtors)
ii) Dispatch notes NOT MATCHED to an invoice (not invoiced= not in debtors- TAX etc)
iii) Purchases+ inventory left MATCH to Sales (eg sold but not in debtors/or revenue)
iv) Specific Representation from Management as to Completeness of Sales
v) Analytic procedures:
(1) gross profit % fluctuations
(2) prior periods : sales&debtors to
(3) prior periods : sales by characteristic to branch/region/month/customer
(4) sales ratio: eg: commission vs sales (if commission is up, sales should be up)
5) ASSERTIONS: (not ‘balances’ but next one :ie) PRESENTATION & DISCLOSURE as it applies to
debtors: as per ISA500
a) IAS :COMPLETE IN TERMS OF ias INTERNATIONAL ACCOUNTING STANDARDS, 4TH SCHEDULE. Eg: debtors
balance with current assets, + disclosed encumbrances on debtors.
100
101101 | P a g e Auditing Notes AUDI 101
b) Evidence :consistent with evidence gathered on audit.
c) Amounts , facts ,details, 1-accurate 2- and=evidence
d) Appropriate classification of information.
e) Wording is clear and understandable. Eg: accounting policy & explanation of encumbrances.
6) ASSERTIONS: all /General
a) Analytical procedure of debtors : should be performed
(1) Analytical Review:
(a) Debtors to prior year
(b) Debtors vs credit Sales to prior year.
(c) No. & Amount of Debtors by Branch/Division/Product.
101
102102 | P a g e Auditing Notes AUDI 101
4) Window Dressing : where you make a payment by cheque but do not post it until after year end: so a ratio of
2:1 will become a ratio of 3:1: eg bank 100 creditors 5=2:1 , so you pay 25 then bank=75 creditors= 25 = 3:1
–(1-to catch check a ‘cut off statement from bank’ which means one from after the end of fin year, to see which
cheques took very long to present, 2-then request to write-back this cheque for year end figures purposes)
5) Kiting: where company controls many bank accounts and uses this to inflate ceratin balances using the time
taken by a bank to clear payment n a cheque. You transfer from a bank account at another bank, by cheque to
another bank account-then while one is waiting to clear so it gets reduced (has not cleared yet so not yet
reduced at 1 bank) , then other is immediately credited on deposit and youseem to have more than you actually
have ie; 50 +10+ deposit of 10 = 70., but deposit only clears after bal.sheet date so then it is 2 weeks before
40-payment of 10 + 10+deposit of 10=60
6)
7) Transfers:
a) Eft TRANSFERS scrutinize : carefully esp. payee account VALIDITY
b) YEAR END : any large transfers at year end, to subsidiary or related party or own bank
accounts,CONFIRM(for KITING) (also with reference to other auditors at related parties if needed).
i) Supporting docs
ii) In same year period : recorded in both enities books in same period
iii) Any outstanding : are included in any bank recons.
8) Cash counts:
a) Simultaneous: counting of all floats prevents cover ups
b) In Presence of cashier responsible for:
c) Alone : auditor NEVER alone with cash, or accused of stealing it
d) Cashier+auditor sign : results on workpaper together
e) Recon as follows: cash float + cash received - cash payments=cash on hand.
f) Supporting docs : all Payments& receipts should be supported by
g) Supporting docs: 1-Valid+2-Authority all to be scrutinized for both of these things.
h) Postings: cash transactions to the ledger
102
103103 | P a g e Auditing Notes AUDI 101
103
104104 | P a g e Auditing Notes AUDI 101
FLOWCHART AND DESCRIPTION OF CYCLE
NOTE: For every single controls column below , ADD: employees must sign docs to acknowledge
control procedures they have conducted.( as per book vertabim)
FUNCTIO Descr. DOCUMENTS RISKS CONTROL PROCEDURES
N
INTRO.
1) Important cycle –must be comprehensively audited.
2) Product= purchases&creditors also bank
105
106106 | P a g e Auditing Notes AUDI 101
3) If auditor thinks cash&creditors is fair, then purchase&payments should be fair
TESTS :
1) Tests of controls:
a) Observation
b) Inspection
c) Reperformance
d) Enquiry
2) Substantive procedures:
a) Inspection
b) Enquiry & Confirmation
c) Recalculation
d) Reperformance
e) Analytical procedures
TESTS OF CONTROLS:
1) Assess the risk that misstatement will not be identified by the system/risk of misstatement of the fin stats/not
fairly presented.
106
107107 | P a g e Auditing Notes AUDI 101
2) Eg:
a) Inspect
i) a sample of purchase orders for supplier is on approved supplier list
ii) Requisitions for authorizing signature
iii) Supporting docs is it stamped so it cannot be used again
b) Enquire: procedures carried out of goods receiving clerk – to reveal missing procedures
c) Observe: procedures carried out of goods receiving
d) Reperform: creditors reconciliation(creditors STATEMENTS to creditors ledger)
3) Test should also be conducted on GENERAL(NON-SPECIFIC) CONTROLS eg: custody of blank order forms
4) Remember limitations of these tests: observing someone performing it only means he did it then, not every
time etc.
SUBSTANTIVE PROCEDURES:
1) Main= creditors balance, main=completeness, main
2) Generally seen as :liabilities understated, not overstated
3) In addition to creditors balances auditor may select sample of transactions eg: payments and purchases to
perform subst.tests on, to seek EVIDENCE on assertions :Eg on a purchase transaction:
a) Occourance:
i) Inspect supporting docs (GRN, PURCHASE ORDER, DELIVERY NOTE, INVOICE)to see if
(1) External docs are made out to Why(Pty)ltd
(2) All doc are signed by the authority eg chief buyer.
b) Accuracy: (amount)
i) Recalc name extentions invoice
ii) Confirm prices&discouts: check order or purchase contract
iii) Recalc vat , check discounts come before vat.
c) Cut-off:
i) Date on docs to date in purchase journal +fin year
d) Classification:
i) Should be on purchase order by buyer , check if in right one
ii) Check descr. To be sure correct: eg fixed asset not written off as expense.
iii) Vat correct on invoice+journal
iv) Creditors ledger posting from ..
e) Completeness
i) All that should have been recorded are recorded.
109
110110 | P a g e Auditing Notes AUDI 101
110
111111 | P a g e Auditing Notes AUDI 101
3) Record Production Costs :Provide Information to calc. cost of manufacture/production. (accumulating all
production costs and adding to ‘cost’)
4) SEE DIAGRAM PAGE 12/4 bottom – no time
receivi
ng
RISKS OF THE CYCLE
1-RISKS
1) Inventory is Lost or Stolen due to.
(1) Physical Controls – inadequate
(2) Transfer Controls -of inventory, inadequate ,unathorised issues
(3) Isolation of Responsiblility – inadequate establish who is accountable for at any stage
(4) Division of Duties- inadequate- eg storeman custody+recording=conceal theft
2) Inventory Deteriorates due to
a) Inadequate Physical controls (eg: gets wet)
b) Its Nature (foodstuffs, chemicals, fresh produce)
3) Delays & Inefficiencies in Production due to:
a) Incorrect raw materials supplied to production
b) Non-availability of raw material
c) Poor Quality of raw materials
4) Unauthorised Production : eg private jobs
5) Inadequate recording of Costs of Production. : WIP etc wrong costs carried forward.
2-CONTROL PROCEDURES
1-TRANSFERS N.B.
1) Recorded: no movement without recording eg signed requisition / or barcode
scanning.
2) Deliverer + Receiver Sign : both should acknowledge after check qty,descr. Eg
material issue
3) Filed Numericly : transfer documents (for finding gaps/false copies/missing/)
4) Regular Review Signature : all docs. Should regular review for authorizing
signature.
5) Regular review sequence check: docs regular find missing/false extra etc.
+Investigate if
2- 1) Physical controls : Stores + All Production Area
DAMAGE/LOSS/THEFT a) Limited entry/exit : minimum doors possible
N.B. b) Controlled entry/exit: swipe cards / keypads /turnstiles /x-ray /security
guards/gate cntrl.
c) Restricted entry/only: eg buying clerks not unaccompanied, only production
employees.
d) Secure buildings: solid structure, minimum windows, locks etc
e) Environmental: pest free, temp. controlled, dry, neat , clean.
f) Surveillance: cameras over production line+receiving+despatch.(it’s often easy
to steal from production line)
2) Frequent Comparison & Reconciliation:
a) Inventory theory vs Actual: in all its forms, theoretical vs actual
b) Production schedule VS Actual :where’s the extra raw materials from lower
actual gone to?
c) Budget VS Actual : why did it cost more? Dofness on duty?or why?
3) Investigate Reconciliation : material variances.
4) Regular Surprise Checks: by mngmnt+supervisory to see unauthorized production
by: machine hours/usage compare to actual production+production schedule to actual
being made comparison
5) Division of Duties : Note: ONLY THIS ONE : custody + recording inventory not by
same person.
111
112112 | P a g e Auditing Notes AUDI 101
3-Info. FOR 1-FOR JOB ORDERS
PRODUCTION COSTS 1) Preprinted Job Cards for ALL JOBS TO BE RECORDED ON
a) Sequenced and dated
b) List of materials to be used
c) Cross-ref : to customer order/quote
d) Cross-ref : to materials requisition
e) Cross ref : daily production schedule
f) AUTHORISED by PRODUCTION MANAGER.
2) Job cards Pending File : that are still In production go in a …and updated for
labour hours as they are incurred.(could be computerized)
3) Job cards Finished: should be removed from pending file and costed-labour
hours&material prices accumulated and overheads allocated. (see objectives above)
4)
5) Job Card Calculations Checked : all above calc. should be checked by a second
clerk
6) Job Card Numericaly filed : after
7) Job Card Completed file Sequence test & Check for: Frequent & Regular for
a) Cross-ref to “transfer to finished goods note” and to a “sales invoice” ( not skelm
private job)
b) Missing job Cards are still in the production stage.
8) Job Card Mngmnt Compare : to QUOTES and BUDGETS & investigate variances.
9) “transfer to finished goods form” : On Completion : make out a
a) Accompany goods to finished goods store
b) Cross-ref to job card
c) Be used to write up perpetual inventory of finished goods (one record-the other is
job card accumulation, so you have 2 to stop skelm change 1,as well as other
reasons)
112
113113 | P a g e Auditing Notes AUDI 101
(cycle counts are not restricted to large companies but a perpetual inventory IS
required.)
2) Plan Timing : at begin year eg: 2 days every 3 weeks, or every 3 months(in large
firms it can be an ongoing exercise.
3) Identify items to be counted:
a) Random samples (from the records -list to shelf)
b) Items susceptible to theft
c) High value items
d) Divided List in sections: do just 1 at each count
e) Divided Warehouse in sections. : do 1 at the count
4) Use a Standard method & count controls
5) Sequenced INVENTORY ADJUSTMENT FORM : all discrepencies entered here.
6) Investigate discrepencies : by 1-internal audit 2-inventory controller.
a) Results of investigation recorded on ‘inventory adjustment form’
b) Warehouse manager authorize adjustments &review
c) Numerically filed
d) Sequence checked regularly(? Why?maybe got ‘lost’in investigation)
7) Recording adjustments : by other clerk independent of 1-custody,2-receiving,3-
issue.
8) Review 1 : perpetual inventory records VS adjustment forms by senior warehouse
ou (to see if all adjustments DO actually come from the forms or not?)
9) Review 2 : discrepencies over a period to identify trends & put preventative measures
in place.
2-YEAR END INVENTORY COUNTS
Periodic sytems count & price all once per year – so mistakes =effect on fin.stats.
(perpetual as well but not as bad)
113
114114 | P a g e Auditing Notes AUDI 101
7. Dates,Times, Locations of Count: Give this in Detail.
8. Pronounce ‘sixtiey’ etc not sixtie for 60, same for 70, 80, etc. to avoid confusion
4) CONDUCTING THE COUNT:(NB done in detail in class)(there are variations in
procedutes but following should always be adopted)
1. TEAMS of 2, one person always independent of all aspects of ‘inventory section’
2. Floor plan : each team gets one, shows which are they are accountable for
3. Count Twice: all items, use one of following methods:
i) 1 member counts, 1 records, swapping to count their area a second time.
ii) I team counts 1 area once , then another team counts it again.They give their
sheets back to controller and sign for sheets of another area.
4. Tag OR Chalk :Either neatly boxes counted coloured chalk 1 colour for each count
OR use tag system
5. Damaged OR Very Dusty unused : inventory: mark on sheet as potential write-
downs.
6. Packaging Tampered with : count items inside & note details on sheet.
7. Random selection & check : select some packages and check contents inside to
see if description is same as on sheet, (check they have not been
changed/removed and seal replaced.)
8. After count: controller + assistents must walk through warehouse and check
i) Double marks OR both tags removed : on all boxes to show counted twice
ii) Check inventory sheets if 1st & second counts qty same and same as records of
perpetual inventory.
iii) Have discrepencies recounted.
9. Last GRN + INVOICE + DELIVERY NOTE numbers up to date of count obtained
by count controller and recorded for future reference.
10. No dispatch on date of count(or use system of : all issue forms on those days
must record if before end of year or after end of year removal per item and exact
time and date of picking–before add to count if already counted , after subtract
from count if not yet already counted – the counters must note time & date of each
item counted to see which .(note : if box was already counted, then before leave
same , and after also leave same.And if busy counting the box while picking stock
then figure out a method to balance it all out-with people at door to double check
what goes out etc. etc.very complex- must research and work this out)
11. Receipts from deliverys : store separate in receiving bay-don’t add to stock until
after count.These late deliveries MUST then be counted and added to inventory
count after count is complete.
12. Counters to:
i) Draw Lines through Blank spaces on sheets
ii) Sign each sheet and every alteration.
13. Inventory Controller to:
i) Check above 2 procedures done
ii) Sequence test sheets to make sure all are accounted for.
14. Count Teams Formally Dismissed : only when count is complete AND all queries
have been attended to.
115
116116 | P a g e Auditing Notes AUDI 101
FRAUD IN THE CYCLE:
1) Fraudulent Financial Reporting:
a) Presents directors with an effective opportunity for manipulating the bal.sheet.
b) The directors may:
i) Include fictitious inventory
ii) Understate writedowns for obsolescence,damage,etc.
iii) Overstate writedowns, or exclude inventory which should be included.
c) There are hundreds of ways to include fictitious inventory.As all directors know auditor will perform physical
tests of inventory,many frauds require intricate planning and a lot of deception
d) Example: the great salad oil swindle- vats had false pipes for measuring or seawater in the bottom.fraud
only got discovered when the banks called in their debts and there was no oil.
e) Methods to reconcile fraudulent inventory with physical inventory:
(1) Include hollow containers in the count
(2) Hollow stacking: surround empty boxes with full ones
(3) Attach empty container to shelf to seem heavy
(4) Put bricks in proper inventory packaging
(5) Repack second hand or defective to look like new.
(6) Alter qty on inventory count after the count
(7) Include inventory which is not what is recorded on sheets eg steal genuine nike and replace
with cheap lookalike
(8) Borrow from a related party for the count only
(9) Have sold goods returned under false pretences for the count eg vehicles
(10) Double counting : eg in transit or multiple locations
(11) Obtain False 3rd party confirmations from agents or related parties
(12) Include ‘on-consignment’ inventory as your own
(13) Manipulate year–end cut-off.
(14) Incl. goods received in physical count but not in inventory.
(15) Pre-invoicing and include goods in physical count.
2) Misappropriation of assets
a) How to get the goods and how to hide the theft
b) How to get the goods will depend on:
i) Nature of goods: small valuable vs large immovable
ii) Physical control ; limited exits, cameras,etc
iii) Division of duties: custody & recording by same person
iv) Frequency of physical & theoretical reconciliations.the more often the more difficult to steal
v) Controls in other cycles: eg receiving goods(aquisition cycle) , despatching goods(revenue cycle)
vi) How to hide the theft will depend on :
(1) Division of duties-custody & record keeping – presents the BEST opportunity.
(2) Control environment weak.
116
117117 | P a g e Auditing Notes AUDI 101
SUBSTANTIVE PROCEDURES
1) Many of the tests of controls are dual purpose tests
2) Auditors Objective: (all done by substantive procedures)
a) Quantities correct
b) Cost formula correct
c) Reasonableness of write-downs
d) Cut-off procedures(physical vs records)
e) List of GRN no.s not matched to suppliers invoices by year end drawn up for later use.
3) Year-End procedures:
a) Attendance at inventory count (existence ,completeness,valuation)
b) Post – count procedures :subsequent audit of carrying value (valuation, rights, presentation & disclosure)
4) Inventory Count Attendance: (generally)
a) it is both a test of controls & substantive test.
b) Test of controls: of actual controls for the count itself
c) Substantive tests:
i) Existence : of qty by sheet to shelf tests.
ii) Valuation : condition-damaged/obsolete/slow moving.
iii) Completeness: by shelf to sheet
d) Cut-off procedures(physical vs records)
e) List of GRN no.s not matched to suppliers invoices by year end drawn up for later use.
5) INVENTORY COUNT ATTENDANCE: (METHOD) NB
a) PRIOR:
i) dates & times Liase with client about of count
ii) locations: confirm by enquiry, prior audit papers,visit
iii) admin.planning eg organize staff to attend
iv) written instructions: get a copy of clients instructions to his teams
v) not to be counted: get list of eg: consignment,invoiced but not delivered/collected.(&ask how it is
identified physically)
vi) brief audit staff: as to their responsibilities.
b) DURING:
i) Written instructions: observe to check clients instruction are adhered to.
ii) Obsolete/damaged/dusty old packets record item no,details etc to check if it was noted on count
sheets as it should have.
iii) Sheet to shelf: make sure all categories all sections & categories are tested.
iv) Shelf to sheet: make sure all categories all sections & categories are tested.
v) Resolve discrepencies & amendment: before end, to be sure amendments entered on sheet after
recounted with staff.
vi) Numerical Sequence test: check before & after count to be sure all sheets are accounted for
vii) Exclusions: confirm by enquiry (of counters) &inspection (of sheets) whether
consignment/undelivered/uncollected/etc have not been included.
viii) Pronounce ‘sixtiey’ etc not sixtie for 60, same for 70, 80, etc. to avoid confusion.
c) CONCLUSION:
i) Inspect Inventory Sheets To Confirm That:
(a) Lines drawn through blank spaces. (so items cannot be added)
(b) Alterations/corrections have been signed.
(c) Sheets signed by counters responsible.
(2) Audit Records (create some by)
(a) Copies: of all inventory sheets.(hardcopy or digital)
(b) Observations: as to clients count procedures.
(c) Test Counts Results :of Test Counts by Audit team
(d) Recording damaged/slow-moving/obsolete : inventory.
(3) Record cut-off numbers: for all docs used in inventory & production cycle.
(4) Record GRN unmatched to Supplier Invoices. List of.
4) EXISTENCE:
a) Cut-off proves all that was purchased was included and all that was sold, was excluded.
b) Attend inventory count
c) Analytical review
119
120120 | P a g e Auditing Notes AUDI 101
INTRODUCTION:
1. Unique Characteristics:
a. Major Expense: results in an outflow of cash , to most businesses it is a MAJOR expense, not a small
one.
b. Involves Cash : many are still cash , exept electronic transactions.
c. Internally generated transactions : most documents are internally generated, not by eg external
suppliers.Fraud is thus easy with this.
d. Susceptibility to fraud: wage frauds are not uncommon because:
i. Cash is easy to conceal/steal
ii. Adding fictitious hours/or workers needs no external documentation.
iii. Large amounts of money can be generated, by 20 extra employees, to bribe collusion wage
dept.
e. Continuity of Operations: a workforce paid 1 day late is very upset, not suppliers.Thus
Contingency Plans Needed.
f. Major Risks Within the Cycle.
i.
1- Obtain max 1-Payroll Amendment 1- Unnecessary or 1-Requests: for new retain or old dismiss must be from
PERSONNEL efficiency from Form.(PAF) unsatisfactory 1-DEPT making request, IN WRITING
workforce by 2-Employees File. :recruit/retain such 2-Signed by section head , countersigned
(Human control: employees. by sect.
Resources) 1-Dismissals 2- Dismissal : Incorrect manager,after reference to the budget.
2-Recruitments procedures. 2-Pay Rate / promotions /other service conditions :
3-Wage 3-Unauthorised 1- Decided by Wage Committee/ or Personnel
negotiations amendments to Dept. after
4-Labour employee records. 2-Consultation with interested parties eg
disputes -fictitious add UNION
5 Keep Records - wage rate change representative
for 3-Consider Laws & Regulation : eg min. pay
employees(Accu rate/overtime etc.
rate Complete) 4-Documented + Authorised by body
produce authorizing eg: Wage
clockcards from Committee/ Personell
these. 3-Payroll Amendment Form(PAF) : all above to here +
1-Cross Ref to supporting docs +
2-Signed by senior Personnell Dept.
3-Regular Review Gaps in file of PAFS :
sequence&validity.
4-Competent trustworthy Personel :
1-use sound Personell Practices
(interview/background
checks.)
5-File Of Each Employee : to be kept incl :
1-copies of relevant PAF’s
2-employment contract
3-performance appraisals & disciplinary
warnings
4-personal details including qualifications
,background info.
2- 1-KEEP VAC record 1-Clock cards 1-invalid Hrs recorded.by 1-Entry & Exit points of Work area:
TIMEKEEPIN of valid hrs worked 2-Batch control sheet eg: 1-limited (preferably just 1)
2-Clockmachine 3-batch register. Fictitious employee 2-protect by turnstile mechanism(counts in/out)
G commonly used Clock for absent friend 3-supervised during clocking periods(watch that no
3-daily hrs added Clock in + leave double clock etc.)
for week & sent to premises. 2-Clockcard : prepare by Personell Dept only,strictly per
payroll 2-hrs incorrectly added “authorized
preparation. for normal / overtime employee list.”
3-At end of WEEK : (usual Wednesday Afternoon)
1-agree no. of cards VS list of employees in
section.
2- calculate ordinary time
3- calc. overtime
4- divide into workable batches(25)
5- Do batch control sheet:
a-ID section&week
b-control totals(tot.hrs,no.of cards etc)
c-signature
4-Batches: a- Before batch transferred to payroll section
head must:
1-check calculations
2-authorise overtime( need for overtime to be
confirmed
before it is worked)
3- check & sign batch control sheet\
b- Batch Register : details of batch to register
& then securely
transferred to Payroll Preparation
3-PAYROLL Calc. 1-Clock cards 1-Include fictitious 1-Wage clerk check details of batch & sign register on
wages&deductions 2-Deduction tables employee receipt from timekeeping.
PREPARATI
. From hrs. and 3-Updated List of 2-Use Incorrect/ 2-Wage clerk prepare:
ON: record on payroll. employees Unauthorized pay 1-payroll
(wages journal) 4-Payroll (Journal) rates/hrs/deduction 2-coinage schedule
tables. 3-Recon : this week VS last week
3-Cast & Calculation (no.employees+amounts net)
errors. 4-A RECORD: control totals for overtime & hrs worked
etc.
121
122122 | P a g e Auditing Notes AUDI 101
3-Supervisor or 2nd wage clerk :
1-verify hrs&rates used VS clockcards & employee
lists.
2-verify deductions VS relevant table
3-Reperform calculations & wage recon.
4-Sign
4-Head of Payroll Prep : SIGN 1-payroll 2-recon (week to
week one) after careful review.
5-Cheque for wages: give with 1-payroll 2- recon to 2
cheque signatories who :
1-review for unusual eg large amounts , excessive
overtime.
2-check signatures :for control signatures
3-sign payroll & recon
4- PAYMENT 1-Prepare Pay- 1-Payroll 1-Errors or theft of cash1- 2 people to make up wage packets (where there is cash
PREPARATI packets 2-Payslips & during allways 2+) (and also “physical” security over cash
2-Distribute 3-Paypackets 1-drawing of cash handling tight)
ON Wages 4-Unclaimed wages 2-making up 2- Delivery of Wages to payout: section head must
&PAYOUT 3-Unclaimed register paypackets 1- agree no. paypackets to payroll.
VERY NB: wages recording. 3-payment of 2-agree control totals : batch register ot.hrs , no.
employees cards.
2-Theft of Unclaimed 3-sign payroll to show receipt & control procedure
Wages done.
3- Lock away paypackets till payout
4- 2 people min. do payout :independant paymaster &
foreman
5- Employees must:
1-show ID
2-sign payroll (to show receipt)
3-count & report discrepencies immediately. (tick sheet
on
employment date to say read this- tick each & sign.
6- collect for another person : MAY NOT collect the
paypacket.
7- AFTER payout: foreman & independent paymaster
must :
1-agree all unclaimed paypackets to payroll
2-identify on payroll all employees with unclaimed
paypacket.
3-Unclaimed wage register : fill it in
4-Sign Payroll :to acknowledge this control
procedure.
8- Lock away by paymaster : unclaimed paypackets AND
payroll
9- Collect Unclaimed Wages : show ID + Sign unclaimed
wage
register(not payroll) (it could be a fictitious employee!)
10-After 2 weeks: unclaimed to be a-Banked + b-Copy
deposit slip
attached to register + c-Cross-Ref to entries
11- Reconciliation : unclaimed wage packets to unclaimed
wage
register +CHECK FOR UNUSUAL OCCOURANCES eg
more
unclaimed in one section than another.
POINTS BY LECTURER:
-physical security : high windows + no disturbance allowed
during
the paypacket filling with cash.
-people who will count out cash must declare how much
cash they
have when they walk into the room- if short wages they
must be
searched. & use other people eg creditors or debtors clerk,
not
same ones who prepared the wages. Also someone must
observe
them to make sure they put nothing in their pockets.
-unclaimed: recon to blank spaces on register
5- 1-To record 1-General Ledger 1-penalties due to non- 1-One Single Person to raise & pay deductions :isolate
DEDUCTION liabilities in 2-Payroll (wage payment or late payment responsibility
respect of journal) or underpayment. so no confusions develop
S: PAYMENTdeductions 3-Cash Payment 2-criminal/civil charges 2-a strict monthly schedule for :
& & settle them in Journal due to non-payment (this 1-post entries to raise liabilities for deductions
RECORDING time 4-Return form is theft) 2-make payments timeously
3-Overpayments : 3-supervisory checks on above activities
. losses due to 3- Signing cheques: Payroll Journal & Return forms should be
presented for scrutiny before signing .
122
123123 | P a g e Auditing Notes AUDI 101
4- independent monthly scrutiny of general ledger accounts
for deductions (liability/ creditor account) by the financial
accountant , to be sure they are being cleared
INTRODUCTION
1) Risk of misappropriation is high so direct lots of resources to this one
2) EXPENSE total, not a BALANCE total which can be reconciled to an asset.
3) Auditor must be reasonable certain controls operated efficiently throughout the year to produce VAC total.
4) Substantive tests:
a) Test recording of hours
b) Confirm employees do exist
c) Test week to week changes to PAF
d) Accuracy of calculations & deductions
e) Confirm deductions are paid over
f) Extensive Analytical review
5) BASE WEEK METHOD: common method is to test 1 or 2 base weeks to be sure they are 100% correct, then
just compare& recon them to all other weeks in year and do ANALYTICAL COMPARISONS.
ASSERTIONS:
1) OCCOURANCE : most important one because The Highest risk = overstatement of expense by incl. fictitious
payments
2) ACCURACY:
3) CUT- OFF:
4) CLASSIFICATION: in the proper accounts
5) COMPLETENESS : not normally a risk exept make sure no illegal immigrants and not record wages/ or illegally
low wages to those who need a job.= reportable irregularity + contingent liabilities (fines/penalties/ illegal)
6) DEDUCTIONS: the Liabilities part does not form part of this and is done when “creditors” are audited , not
here.
123
124124 | P a g e Auditing Notes AUDI 101
viii) AUDIT SOFTWARE: Check masterfile for Error conditions which show fictitious employee
(1) Duplicated/missing ID no.
(2) Duplicated/missing Tax No.
(3) Duplicated: employee no (only duplicated)
(4) Duplicated: Bank acc. No.
2) ACCURACY , CUT-OFF , CLASSIFICATION
a) Inspect : Salaries register Gross salary VS personnel section listing
b) Inspect: if there were lately salary changes – inspect authorized list of salary increases VS actual salary
paid to see if correct one was used.
c) Deductions: PAYE/Med aid etc check if correct was made, if wrong ask personell&employee
d) Returned Salary Cheques: correct crossings, + suspicious endorsements + correct amount per salary
register.
e) Recompute: 1-deductions & 2-salaries register casts & cross-casts.
f) DATES & details : on Paid cheques VS return forms for : deductions Clearing Accounts+ salaries paid
pertain to correct cut off AND deductions paid timeously.
3) GENERAL ANALYTICAL PROCEDURES:
a) Salaries : Month TO Month any large fluctuations by division/branch/dept etc.
b) Ratio & Trend :
i) Commission % of TOTAL SALES
ii) Salaries as % of TOTAL EXPENSES
c) Payroll ledger accounts : STRANGE/’out of ordinary’ amounts eg 13 th cheque/ lump sum payments
4) ASSERTIONS PERTAINING TO PRESENTATION & DISCLOSURE:
a) Disclosures in notes:
i) Complete in terms of IAS (international acc. Standards) and 4th schedule eg directors emoluments&
post employment benefits
ii) Consistent with Evidence gathered on the audit
iii) Amounts, facts details accurate & agree with evidence
iv) Classification: of info is appropriate.
v) Wording Clear & Understandable
5) NOTE 1: illegal employees : if auditor has a suspicion :
a) Do a reverse identification ( employee against list, not visa versa)
b) Alert to unsupported payments
c) Alert secret bank accounts.
6) NOTE 2 : Salaries by EFT:
a) Obtain mnthly schedule of EFT from bank = 3rd party evidence used to gather substantive evidence
7) NOTE 3: Month to month Recon :
a) Use it to vouch & verify movements on the Payroll Journal eg incr. means you check appointsments
documentation and salary increase authorizations.
124
125125 | P a g e Auditing Notes AUDI 101
(3) Duplicated: employee no (only duplicated)
(4) Duplicated: bank acc. No.
c) CHECK HRS RECORDED WERE ACTUALLY WORKED (occourance)
i) The following tests of control during the base week are done
(1) Observe if clocking controls limit fictitious people & hrs (in morning/evening)
(2) Integrity Foreman : ask management of his integrity
(3) Foremans Signature : inspect it authorizing the overtime
(4) Reperform calc. of hrs worked on clockcard
(5) Evaluate possibility of hrs could be credited to employee after ‘clocking’ eg during payroll
preparation.
ii) The rest of the year is checked by comparing to he base week., any large fluctuations are followed up.
2) ACCURACY , CUT-OFF, CLASIFICATION:
a) FOR WEEKS of surprise attendance :check payroll& supporting docs, to confirm
i) Wage rates are authorized (employee list)
ii) Total hrs calculated correct AND overtime+normal are correct.
iii) Deductions correct as per tables
b) RECALCULATION:
i) Extentions& casts correct
ii) Gross wages- deductions=net pay
iii) Classification: postings from Journal to legder are to correct accounts.
c) DEDUCTION CLEARING ACCOUNTS: check if cleared timeously – by inspect cheques and bank transfer
documents.
3) COMPLETENESS
a) If suspect wages paid not recorded(eg illegal immigrants)
i) Reverse ID check (shelf to sheet)
ii) Enquire senior mngmnt illegal workers
iii) Alert to unsupported payments –esp.cash amounts
iv) Check validity of ‘casual wages’
4) GENERAL / ANALYTICAL PROCEDURES
a) on each subsequent visit after base week ,
b)
c) Wages : week to week any large fluctuations by net wages,/division/branch/dept etc.
d) To Total wages last year
e) Production /or total no. employees vs Wages
f) Trace Ledger wage balances to Trial Balance
g) Ratio & Trend :
i) Commission % of TOTAL SALES
ii) Salaries as % of TOTAL EXPENSES
h) Payroll ledger accounts : STRANGE/’out of ordinary’ amounts eg 13 th cheque/ lump sum payments
5) ASSERTIONS AS TO PRESENTATION & DISCLOSURE:
a) Only related disclosures eg: post employment benefits.
125
126126 | P a g e Auditing Notes AUDI 101
HOW TO DO A RECONCILLIATION FOR SALARIES AND WAGES AS PER IAS
ACC. STANDARDS IN THE NOTES TO THE FIN. STATS.
126